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Course Description 

Course Description 



Target audience 



The target audience for Administering IBM® Lotus® Domino™ 6: Managing 
Servers and Users is administrators new to Lotus Domino who are responsible for 
maintaining an existing Domino 6 server and user Infrastructure. 



Summary description 



This course introduces students to standard server maintenance and 
troubleshooting tasks. Students will also maintain IBM® Lotus Notes® and non- 
Notes users. 



Course format and duration 



This course is a two-day lecture/lab instructor-led course. 



Course prerequisites 



The recommended path for this course is that it follows both the Administering 
IBM® Z_o?i/s® Domino™ 6: Operating Fundamentals and Administering IBM® 
Z_o?i/s® Domino™ 6: Building the Infrastructure courses so that students will 
understand and have experience with installing and configuring Domino servers 
and Notes clients. However, students may take this course immediately following 
the Administering IBM Lotus Domino 6: Operating Fundamentals course. 



Course goals 



After completing this course, students should be able to: 

■ Maintain a Domino environment. 

■ Monitor Domino servers and Notes users. 

■ Troubleshoot common problems with Domino servers and Notes users. 
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Course Description 



Course Description... (continued) 
Topics covered 

Administering IBM Lotus Domino 6: Managing Servers and Users covers the 
following topics: 

Managing users and groups 

■ Moving a user's mail file 

■ Changing a user's name 

■ Changing a user's location in the hierarchy 

■ Extending a Notes ID 

■ Deleting users 

■ Setting up roaming users 

■ Changing a user's group membership 

■ Managing groups 

■ Renaming groups 

■ Deleting groups 

Managing non-Notes and Notes clients 

■ Setting up browser clients 

■ Updating client software 

Managing servers 

■ Using the Server console window 

■ Defining a backup process 

■ Enabling Transaction logging 

■ Analyzing activity data 

■ Automating server tasks 

Updating servers 

■ Searching for server references in a domain 

■ Setting up authentication with other Domino organizations 

■ Changing server access 

■ Decommissioning a server 

■ Recertifying a server ID 

■ Changing administrator access 
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Course Description 

Course Description... (continued) 
Topics covered... 



Setting up server monitoring 

■ Identifying mechanisms for collecting server information 

■ Starting the Statistic Collector task 

■ Creating event generators 

■ Creating event handlers 

■ Enabling agent logging 

Monitoring server performance 

■ Viewing real time statistics 

■ Viewing statistics with Server Monitor 

■ Using the Domino Web Administrator 

■ Using the Domino Console 

Resolving server problems 

■ Solving authentication and authorization issues 

■ Using event triggers to troubleshoot problems 

■ Troubleshooting replication problems 

■ Troubleshooting connection problems 

■ Solving agent manager issues 

■ Recovering from a server crash 

Resolving user problems 

■ Troubleshooting workstation problems 

■ Troubleshooting database issues 

■ Troubleshooting connection problems 

■ Tracking user mail messages 
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Course Description... (continued) 
Recommended agenda for Day 1 



The following table shows the recommended agenda for Day 1 . 



Time 


Lessons or Topics 


15 minutes 


Introduction 


1 hour, 15 minutes 


Lesson 1: Managing Users and Groups 


15 minutes 


Break 


45 minutes 


Lesson 1: Managing Users and Groups (continued) 


1 hour 


Lesson 2: Managing Notes and Non-Notes Clients 


1 hour 


Lunch 


1 hour, 1 5 minutes 


Lesson 3: Managing Servers 


30 minutes 


Lesson 4: Updating Servers 


15 minutes 


Break 


1 hour, 1 5 minutes 


Lesson 4: Updating Servers (continued) 



Recommended agenda for Day 2 



The following table shows the recommended agenda for Day 2. 



Time 


Lessons or Topics 


1 hour, 30 minutes 


Lesson 5: Setting Up Server Monitoring 


15 minutes 


Break 


1 hour 


Lesson 6: Monitoring Server Performance 


1 hour 


Lunch 


2 hours 


Lesson 7: Resolving Server Problems 


15 minutes 


Break 


1 hour, 30 minutes 


Lesson 8: Resolving User Problems 
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Lotus Professional 
Certification 
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Lotus Professional Certification 

Lotus Professional 
Certification 



Lotus Education has a robust certification program in support of Lotus Notes and 
Domino technical competencies. For complete information on Lotus' professional 
certification program, visit the Lotus Education Web page at 
http://www.lotus.com/certification. 



Place in certification 



Delete this section and subsequent steps if there is no certification exam(s) 
connected with the course. 

Administering IBM Lotus Domino 6: Managing Servers and Users is listed as one 
of the preparation resources for the following exam(s): 

■ 622: Notes Domino 6: Managing Servers and Users 

This exam is part of the path for CLP IBM Lotus Domino 6 System Administrator 
certification. The complete path is described below. 



Exam 
Number 


Exam Name 


Certification Earned 


620 


Notes Domino 6 System Administration 
Operating Fundamentals 


CLS 


621 


Notes Domino 6: Building the 
Infrastructure 




622 


Notes Domino 6: Managing Servers and 
Users 


CLP (all 3 exams required) 
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Lotus Professional Certification 

Lotus Professional Certification... (continued) 



Preparing for a Lotus certification exam 



Attending this course and using this Student Guide will help you prepare for 
certification. Some topics covered on the exam are not covered in this course and 
some of the objectives covered in this course are not tested on the exam. Be sure 
to follow all the steps listed in order to prepare fully for the exam. 



Step 


Action 


1 


Review the exam competencies. 


2 


Get hands-on experience. 


3 


Use the Exam Preparation Chart. 


4 


Use all available resources. 



Step 1 : Review the exam competencies 



At the time of course publication, the exam competencies were not available to 
include in this guide. You will find the competencies listed in the Exam Guides 
located on the IBM Software Services for Lotus Certification Web page at http:// 
www.lotus.com/certification. 



Step 2: Get hands-on experience 



Actual hands-on experience is a critical component in preparing for the exam. 
The exam is looking to measure how well you perform tasks, not how well you 
memorize features and functions. 

■ Spend time using the product and applying the skills learned. 

■ Direct application of the skills learned in this class cannot be replaced by any 
other single resource listed here. 
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Lotus Professional Certification 

Lotus Professional Certification. ..(continued) 



Step 3: Use the Exam Preparation Chart 



The Exam Preparation Chart summarizes the learning resources available for 
each individual exam. 

A subset of this chart appears in the Preparing for the 622: Notes Domino 6: 
Managing Servers and Users exam section. The full chart is located on the IBM 
Software Services for Lotus Certification Web page at http://www.lotus.com/ 
certification . 



Step 4: Use all available resources 



We recommend using a range of resources when preparing to take an exam. 
The following table describes the types of resources available to prepare for 
certification exams. For a listing of resources specific to each exam, use the Exam 
Preparation Chart. 



Resource 


Brief Description 


Where to Find Resource 


Exam guides 


Complete version 
includes certification titles 
and paths, sample 
questions, and 
registration information. 


Abbreviated version is available in the 

Exam Competencies Appendix 

included in this course. 

Complete version is available on the 

IBM Software Services for Lotus 

Certification Web page at 

httpi//wwwJotus,com/certification. 


Lotus 

authorized 

courses 


Offered at Lotus 
Authorized Education 
Centers (LAECs) and 
Lotus Education locations 
worldwide. 


A complete list of courses and LAECs 
are available on the IBM Software 
Services for Lotus Education Web page 
at http://www.lotus.corn/education. 


CBT programs 


Used as an alternate 
learning tool and/or 
supplement to courses. 


Additional information is available at 
The Education Store on the 
IBM Software Services for Lotus 
Education Web page at 
http://www.lotus.com/education. 


Practice tests 


Available from a variety of 
vendors. Visit the 
individual exam 
preparation page to 
determine what practice 
tests are available for a 
specific exam. 


Available from IBM Software Services 
for Lotus Certification Web page at 
http://www.lotusxom/certification. 



(continued on next page. . .) 
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Lotus Professional Certification... (continued) 



Step 4: Use all available resources... 



nesource 


Diiei uescnpiion 


wnere io rina nesource 


Online learning 


May include additional 
items such as Learner- 
Directed Offerings from 

1 ntiiQ FHiiPfltinn anrl/nr 

LUIUO I UUbuUUI 1 CM IVJ/ \J\ 

authorized course in 
LearningSpace 


Learner-Directed Offerings from IBM 
Software Services for Lotus are 
available at http://www.lotus.com/ 

pHi iPfltinn 

The Notes.net Web site at 
http://www-10.lotus.com/ldd/lbYtes.nsf, 
See the complete Exam Preparation 
Chart for any additional online learning. 


Yellowbooks 


Official Lotus product 
documentation. 


Additional information available at The 
Education Store on the IBM Software 
Services for Lotus Education Web page 
at http://wwwJotus.com/education, 


Redbooks 


Technical cookbooks that 
address topics that the 
reference manuals may 
not cover. 


Ordering information is available at 
http://w ww.lotus.com/redbook. 



Preparing for the Notes Domino 6: Managing Servers and 
Users exam 



The following materials are available for the Notes Domino 6: Managing Servers 
and Users exam. 

■ Experience 

■ Exam Guide 

■ Administering IBM Lotus Domino 6: Managing Servers and Users (ND770) 
course 

■ Lotus Domino 6 Help Files 

For the most up-to-date resource listing for this exam, visit the IBM Software 
Services for Lotus Certification Web page at http:/ /www.lotus.com/certification . 
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Learning Processes and Conventions 



Learning Processes and 
Conventions 
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Learning Processes and Conventions 

Icon Quick Reference 



The following are brief descriptions of each of the learning process icons used in 
this course. 




Assessment 



Provides feedback to both the student and instructor and can be formal or 
informal. Assessments can be collected and graded or assessment answers are 
provided. 




Case study 



Exercises for discovery and exploration in advanced technical course that focus 
on problem solving. These have no "right" answer. The solution is a set of pros 
and cons and a recommended answer. 



Exercises 

Problem-solving learning processes in which students are given a set of criteria 
that they use to develop a working solution. 

There are two types of exercises: online and paper-based. The following two 
items show the icons that would accompany each. 



Online exercise 

Students complete the exercise using the computer. 



Paper-based exercise 

Students complete the exercise using paper and pencil. 
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Icon Quick Reference.. .(continued) 




Guided Practice 



Student-centered learning process that allows students to learn by performing a 
task. Guided Practices can be instructor-led or self-paced. 



Procedure 



Generic step-by-step instructions that explain how to perform a task. These are 
always presented in a table format. 




Review 



Reiterates main concepts and can be used to gain feedback, assess learning, 
review critical material, or to transition from one unit to another. 
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Learning Conventions 

Conventions are rules that govern how to display specific types of information. 
The following are learning conventions that may be used within this courseware. 



Cautions are short, descriptive paragraphs meant to warn of potential 

pitfalls or areas where students could experience problems during class 

or back on the job. 
Caution 

Note: Notes may appear in the Student Guide and can be used to note 
differences in content. 

Tip: Tips provide additional guidance, or a hint, for students about a topic or task. 
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Lesson 1 ■ Managing Users and Groups 




Managing Users and 
Groups 



In a large company, employee information is constantly changing. People move to 
new positions, change their name, or leave the company. When an employee 
moves to a new position, one of the most common administration tasks required is 
updating group information. Administrators must keep user information up-to-date 
in order for the Domino environment to function efficiently. 

Managing groups involves: 

■ Creating new groups 

■ Renaming or editing existing groups 

■ Deleting groups 

■ Changing an individual user's group membership 

Since user and group information appear in many places in the Domino 
environment, use the Administration Process to distribute changes throughout the 
Domino environment. 



Objectives 



After completing this lesson, you should be able to: 

s Register new Lotus Notes users. 

s Move a user's mail database. 

s Change a user's name. 

s Recertify a user's ID. 

s Change a user's location in the hierarchy. 

s Delete a user. 

s Create a roaming user. 

y Manage user groups. 

s Change a user's group membership. 
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Lesson 1 ■ Managing Users and Groups 



Classroom Scenario 

The following scenario will be used throughout the course to illustrate the 
business need behind the different administration tasks performed in this course. 




Classroom 
Scenario 



Worldwide Corporation is a manufacturer of pottery based on designs 
from around the world. Since beginning 10 years ago, it has grown to 
become one of the largest retail and wholesale distributors of pottery in 
the world. 

The company has stores and offices around the world. In addition to 
selling products through their retail stores, Worldwide Corporation 
receives orders from its catalog and Web site. 

® 

Worldwide Corporation recently purchased and implemented IBM 

(r) ™ 

Lotus Notes /Domino 6 because it addresses their critical business 
needs for messaging and collaboration with a reliable infrastructure. 
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Lesson 1 ■ Managing Users and Groups 



Classroom Configuration 



The following figure illustrates the assigned server and administrator names for 
this class. 



Doctor Notes/WWCorp 



r ^ 





East01/SVR/WWCorp East02/SVR/WWCorp 
Admin East01/East/WWCorp Admin East02/East/WWCorp 




_ 




East03/SVR/WWCorp East04/SVR/WWCorp 
Admin East03/East/WWCorp Admin East04/East/WWCorp 



9l~ 



Hub/SVR/WWCorp 




West01/SVR/WWCorp 




- J."..~ ' - 



West02/SVR/WWCorp 
Admin West01/West/WWCorp Admin West02/West/WWCorp 





West03/SVR/WWCorp West04/SVR/WWCorp 
Admin West03/West/WWCorp Admin West04/West/WWCorp 




': . ._• '7 






m BP 



East05/SVR/WWCorp East06/SVR/WWCorp West05/SVR/WWCorp West06/SVR/WWCorp 

Admin East05/East/WWCorp Admin East06/East/WWCorp Admin West05/West/WWCorp Admin West06/West/WWCorp 
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Adding Users 




Last week, Worldwide Corporation hired a large group of employees. 
This provides a key opportunity for administrators to manage user 
information. 



Classroom 
Scenario 



^3 Add new hires to WWCorp's Directory 

Follow these steps to register the new employees. 



Step 


Action 


1 


From Domino Administrator, select your assigned server. 


2 


From the People & Groups tab, choose Tools -> Peopled Register. 


3 


If prompted, select your regional certifier ID (for example, 
\Notes\Data\East.id or West.id), and click Open. 


4 


Enter the certifier password, and click OK. 


5 


On the Certifier Recovery Information Warning dialog box, click OK. 


6 


Select Advanced to see more registration options. 


7 


On the Basics panel, complete the following fields: 

■ Registration Server: your assigned server 

■ First name and Last name: Make up names 

■ Password: lotusnotes 

■ Password Options: 

■ Password Quality Scale: Weak password, not very secure (4) 

■ Select Set internet password. 

■ Click OK. 
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Lesson 1 ■ Managing Users and Groups 

Adding Users.. .(continued) 



Add new hires to WWCorp's Directory... 



Step 


Action 


8 


On the Mail panel, change the Mail Server to your assigned server. 


9 


If necessary, on the Address panel, complete the following fields: 

■ Internet Domain: wwcorp . com. 

■ Internet address: FirstInitialLastName@wwcorp . com 


10 


On the ID Info panel, complete the following fields: 

■ Certifier ID: your regional certifier ID (either East.id or West.id) 

■ Location for storing user ID: In Domino directory 


11 


Click jjgj to add the user to the Registration Queue. 


12 


Repeat Steps 7 and 11 to register at least five new users (the information 
added in Steps 8 through 10 become the defaults). 


13 


Click Register All. 


14 


Click OK to confirm the users were successfully registered, and then 
click Done. 



Components of a Notes ID 

Registering users and servers in a domain automatically creates corresponding 
Person documents, Server documents in the Domino Directory, and the 
associated ID files. A Notes ID identifies a user or server to Domino systems. 
A Notes ID contains: 

Name and license information 
Private key (encrypted with password) 
Public key 

Certificates (Domino and Internet, X.509) 
Encryption key(s) (optional) (encrypted with password) 
Recovery information (optional) 
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Lesson 1 ■ Managing Users and Groups 



Facts About the Administration Process 



The Administration Process is a program that automates administrative tasks 
such as: 

■ Rename a person or group. 

■ Delete a person or group. 

■ Recertify users. 



How does the Administration Process work? 



The following figure shows how requests are processed using the Administration 
Process. 



Person or server 
initiates request. 

Request is 
posted to 
Admin4.nsf. 




Stage 1 



\ 




LB LB 



Stage 2 



Admin4.nsf 
replicates 
throughout 
the domain. 




Administration 

server for the 
Domino Directory 
makes the change 

on its server, 
and posts status 

to Admin4.nsf 




Stage 3 



Stage 4 



Admin4.nsf 

and 
Names.nsf 
replicate 
throughout 
the domain. 





Administration server for 
the Domino Directory 



Standard Domino server 




Admin4.nsf 




Names.nsT] 



Note: Any server named as an administration server for a database completes 
changes to ACLs and fields, and then posts a status to its Administration 
Requests database. 
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Lesson 1 ■ Managing Users and Groups 

Changing User Names 

Each Domino user and server has a hierarchical name consisting of various 
components: 

■ Organization: Company or institution 

■ Organizational Unit(s): Department or regions 

■ Common name: Unique name, often the given and surname. The name used 
by the user. 



Name change requirements 



The Administration Process automates a name change by propagating the 
change throughout the Domino domain. The administrator initiating the name 
change requires at least the following access: 

■ Editor with Create documents access, or [UserModifier] role to the Domino 
Directory (Names. nsf) 

■ Author with Create documents access to the Certification log (Certlog.nsf) 

■ Author access to the Administration Requests database (Admin4.nsf) 

■ Access to the original certifier ID 



Advantages of the Administration Process 



The Administration Process method is preferable to editing the Person document 
because: 

■ The automated method updates groups and ACLs. 

■ Using the administrator tools creates a record in the Certification log. 
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Lesson 1 ■ Managing Users and Groups 



Changing User Hames^ (continued) 




A Worldwide Corporation staff member has legally changed their name. 
Personnel notifies User Support of the new name. 



Classroom 
Scenario 



Change a user's common name 



^ — * 

Follow these steps to change the user's name. 



Step 


Action 


1 


From Domino Administrator, select the instructor's server. 


2 


Click the People & Groups tab^ Domino Directories section-> 
WWCorp's Directory section -> People view. 


3 


Select a user name you previously registered. 


4 


Choose Tools->People->Rename. 


5 


Click Change Common Name. 


6 


Select Supply certifier ID and password. Click Certifier ID, select the 
certifier ID file you used to certify the user's ID earlier, and click Open. 


7 


Click OK to continue. 


8 


Enter the password for the selected certifier, and click OK. 


9 


Accept the default certificate expiration date, and click OK. 


10 


Change the user's Last name, and then change the Short name and Internet 
address fields accordingly. 


11 


Click OK to submit the request to change the common name. 


12 


Click OK after viewing the number of entries processed. 



Name change requests 



Users can request a name change via e-mail. The name change is completed via 
mail actions by the administrator and the user. For more information, refer to the 
Lotus Notes 6 Help topic Renaming a user's common or alternate name. 
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Lesson 1 ■ Managing Users and Groups 



Moving a User 

Administrators may need user-specific files moved to other Domino servers when: 

■ More space is required on a server. 

■ Servers are reorganized: Added or consolidated. 

■ Users change jobs or move to different parts of the organization. 

Additional considerations when using shared mail 



Shared mail permits using a central location for accessing mail messages sent to 
multiple users on the same server. If using shared mail, unlink the mail database 
from any shared mail databases. For more information on unlinking shared mail 
databases, refer to the Domino Administrator 6 Help database topic Managing a 
shared mail database. 



26 



Administering IBM Lotus Domino 6: Managing Servers and Users 



Lesson 1 ■ Managing Users and Groups 



Moving a User...(continued) 




One of Worldwide Corporation's Sales employees is moving to 
another region. 



Classroom 



Scenario 




Move the user's Mail database to another server 



Follow these steps to move their mail database to a server in their new area. 



Step 


Action 


1 


From Domino Administrator, select the instructor's server. 


2 


Click the People & Groups tab-> Domino Directories section-> 
WWCorp's Directory section->People view. 


3 


Select one of the users you registered earlier. 


4 


Choose Tools-> Peopled Move to Another Server. 


5 


From the Destination drop-down box, select the other classroom server 
assigned by the instructor. 


6 


Enter the new mail database location, for example \mail, and click OK. 
Result: A request is created in the Administration Requests database. 


7 


Click OK when notified of success. 



Administration Process actions 



The Administration Process completes the mail database move and updates the 
appropriate documents. This action is dependent upon the Administration Process 
settings (located in the Server document->Server tasks tab-> Administration 
Process tab) and replication schedule for the Domino servers. 



Updating the user's Location document 



Once the mail database is moved and the appropriate Person document is 
updated, the user's workstation information is changed to reflect the new 
database location the next time the user connects to the server. 

Note: On rare occasions, it may be necessary to manually edit the Location 
document. 
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Extending the Expiration Date on a 
Notes ID 

For security reasons, the certificate in the user ID is given an expiration date. 
When a certificate expires, a user can no longer use it to communicate with 
servers and clients. Notes prompts the user when the certificate is about to expire. 

Server and certifier IDs can also expire. Although, typically the expiration date is 
set much longer than on user IDs. 



Viewing certification expiration dates 



A user can view a certificate expiration date in the User Security dialog box. 
From the Notes client, choose File->Security->User Security. 

Administrators can view certification expiration dates for multiple users. 
From Domino Administrator; click Configuration tab-> Certificates section-* 
Certification Expiration view. 



Recertification requirements 



Recertifying a Notes ID requires the following access levels: 

■ Domino Directory: Author with Create Documents access and the 
[UserModifier] role or Editor access 

■ Certification log: At least Author with Create Documents access 
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Extending the Expiration Date on a Notes ID— (continued) 




Recertify an expiring ID 



Follow these steps to extend the expiration date on a user's ID. 



Step 


Action 


1 


From Domino Administrator, click the People & Groups tab-> 

Domino Directories section ->WWCorp's Directory section ^People view. 


2 


Select a user who you registered earlier in this lesson, and then choose 
Tools-> Peopled Recertify. 


3 


To specify a registration server, click Server, select Hub/SVR/WWCorp, 
and click OK. 


4 


Select Supply certifier ID and password. 


5 


Click Certifier ID, select your regional Organizational Unit certifier ID 
(either East. id or West. id) to recertify the user ID, and click Open. 


6 


Click OK to continue. 


7 


Enter lotusnotes for the certifier ID's password, and click OK. 


8 


In the Renew Certificates In Selected Entries dialog box, complete the following: 

■ Enter a new date in the New certificate expiration date field. 

■ Select Inspect each entry before submitting request. 

Click OK. 


9 


Review the entry, then click OK to view the next entry until all entries are 
processed. 


10 


Click OK when notified of the number of entries processed. 

Result: A request to recertify the user is posted to the Administration 
Requests database for each user processed. 
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Deleting Users 

When users leave the company, delete user information from the Domino 
Directory to prevent access to corporate servers and files. 




An employee is transferring to a subsidiary outside the Worldwide 
Domino domain. Another employee will use the transferring employee's 
mail database for departmental information so there is a request to keep 



Classroom their mail functioning. 
Scenario 




Delete a user 



Follow these steps to delete the user and retain the mail database. 



Step 


Action 


1 


From the Domino Administrator, select the instructor's server. 


2 


Click the People & Groups tab->Domino Directories pane-> 
WWCorp's Directory section -> People view. 


3 


Select a user name you registered earlier. 


4 


Choose Tools-> Peopled Delete. 


5 


Select Do not delete the mail database. 


6 


Click OK. 

Result: The Administration Process deletes all references to the user, 
except the mail file. 



Note: For information, refer to the Lotus Notes 6 Help topics Deleting a user name 
with the Domino Administrator and Delegating access to your mail file. 



Securing the Domino environment 



Deleting a user from the Domino Directory, groups, and ACLs may not prevent 
all access to the Domino environment. If a user has retained a copy of their ID, 
they could access a server. 

To secure the Domino environment, add deleted user names to a group 
specifically denied access to all servers (for example, a group called Deny 
Access). 
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Managing Users and Groups 



Changing User Locations 
Organizational Hierarchy 



in 



Similar to changing a user's common name, administrators can change a user's 
location within the organizational hierarchy. This may be necessary when a 
user changes: 

■ Job function 

■ Geographical location 



Certifier change requirements 



The Administration Process automates recertification by propagating changes to 
a user's certification throughout the Domino domain. The administrator initiating 
the recertification requires at least: 

■ Editor with Create Documents access or [UserModifier] role to the 
Domino Directory 

■ Author with Create Documents access to the Certification log database 
(Certlog.nsf) 

■ Author access to the Administration Requests database (Admin4.nsf) 

■ Access to the original certifier ID (See Requesting a new certifier in 
this lesson) 

■ Access to the new certifier ID to complete the change (See Completing the 
move in this lesson) 
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Changing User Locations in Organizational 
H ierarchy... (continued) 

Checklist: Recertifying a user 



Complete these tasks to recertify a user. 





Task 


Procedure 


□ 


1 


Request a new certifier. 


□ 


2 


Complete the move. 



Task 1 : Request a new certifier 



Follow these steps to reassign a user to another Organizational Unit certifier. 



Step 


Action 


1 


From the Domino Administrator, select the server to administer. 


2 


Click the People & Groups tab->Domino Directories section^ 
Your Directory section -> People view. 


3 


Select the people to move to a new certifier. 


4 


Choose Tools-> Peopled Rename. 


5 


In the Honor old names for up to days (Between 14 and 60 days) field, 

enter a value. The default is 21 days. 


6 


Click Request Move to New Certifier. 


7 


Select Supply certifier ID and password. Click Certifier ID, select the 
original certifier ID file, and click Open. 


8 


Click OK to continue. 


9 


Enter the password for the selected certifier, and click OK. 


10 


Select the new certifier ID file from the New Certifier drop-down box, 
then click OK. 


11 


Click OK to submit the request to change the certifier. 


12 


Click OK after viewing the number of entries processed. 
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Changing User Locations in Organizational 
H ier archy. . . (continued) 

Task 2: Complete the move 



Once the request is posted, the move to the new certifier is approved by the 
owner of the new certifier. Follow these steps to complete the move. 



Step 


Action 


1 


From Domino Administrator, click the Server tab-> Analysis tab-> 
Administration Requests (6) section -> Name Move Requests view. 


2 


Select the users to be moved. 


3 


Click Complete move for the selected entries. 


4 


Select Supply certifier ID and password. Click Certifier ID, select the new 
certifier ID file, and click Open. 


5 


Click OK to continue. 


6 


Enter the certifier password, and click OK. 


7 


Accept or change the expiration date, and then click OK. 


8 


(Optional) Enter a Qualifying Org. Unit. 


9 


Click OK to submit the request to change the certifier. 


10 


Click OK after viewing the number of entries processed. 
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Change the Organizational Hierarchy 





Worldwide Corporation is assigning Sales and Marketing 
representatives based on their regional location. For example, staff in 
Great Britain will use the following naming convention: 

^ScenTriQ 1 common name/Sales/GB/WWCorp 



Add an Organizational Unit (OU) 



Complete the following tasks: 
■ Create a unique OU certifier. 

What steps did you use? 



■ Move two of the users you registered earlier to the new OU. 
What steps did you use? 
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What is a Roaming User? 



A Roaming user is someone who is set up to have their personal up-to-date Notes 
information available to them on any PC. 



How roaming works 



When a roaming user logs on from a different Notes client, Domino automatically 
retrieves the user's ID file, Personal Address Book, bookmarks, and journal from 
the roaming user's mail server. 



Work 




Replication 
($crver and local) 



...MJsername\... 



Personal directory 



Welcome Page 



Bookmarks 



Address Book 




Journal 



ID rile 



Preference Settings 
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What is a Roaming User?... (continued) 
Advantages of roaming 

Advantages for administrators are: 

■ Easier upgrade and service of machines, due to information stored on 
the server 

■ Automatic remote clean-up of machines 

■ Centrally locate user information 

Advantages for users include: 

■ Increased mobility 

■ Easier access to information 

■ Secure information 



Considerations 

When using the roaming user feature, consider the following: 

■ Disk space on the server 

■ Server performance 

The recommendation is to dedicate a server on which to store roaming user files, 
especially for enterprise-wide deployments. 
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Creating Roaming Users 

Create a roaming user during registration 



Administrators can specify roaming users during initial registration, or can 
upgrade existing users. Follow these steps to create a roaming user during the 
registration process. 



Step 


Action 


1 


Click the People & Groups tab-> People view. 


2 


Choose Tools->People->Register. 


3 


Enter the certifier password, and click OK. 


4 


On the Certifier Recovery Information Warning dialog box, click OK. 


5 


Enter the first and last name of the user. 


6 


Enter lotusnotes as the password. Click Password Options, set the 
password quality to 4 and click OK. 


7 


Click Enable roaming for this person. 


8 


Select Advanced. 


9 


Click Roaming. 


10 


Click Roaming Server, select your server, and click OK. 


11 


If necessary, in the Personal roaming folder, enter roaming\username. 


12 


Select Create roaming files now. 

Result: Roaming databases (Bookmarks.nsf, Journal.nsf and Names.nsf) 
are created. 

If Create roaming files in background is selected, the files are created the 
next time the Administration Process runs. 


13 


Click jg£ to add the user to the Registration Queue. 


14 


Click Register. 


15 


When the registration is complete, click OK. 


16 


Click Done. 

Result: New user appears in the People view. The Globe icon indicates the 
user is roaming. 
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Creating Roaming Users... (continued) 




Convert an existing user to roaming 



Follow these steps to create a roaming user by converting an existing user. 



Step 


Action 


1 


Select a user you created earlier in the lesson. 


2 


Choose Tools->People->Roaming. 


3 


Click Roaming Server, select your server, and click OK. 


4 


Keep the remaining defaults. Click OK. 

Result: A message box displays indicating that an administration request 
has been issued to upgrade one user to roaming. 


5 


Click OK. 


6 


Click Edit Person to open the Person document of the converted user. 


7 


Click the Roaming tab. 

Result: If the User can roam field value is In Progress, this user is in the 
process of being upgraded to roaming. 



Administration Process for roaming users 



When a user is upgraded to roaming, the Administration Process changes the 
user's status in their Person document from non-roaming to roaming and creates 
a personal subdirectory for each roaming user through the following process: 

■ Client information is updated in the Person record. 

■ Roaming user's replica stubs are created on the server. 

■ Roaming user's information is updated in the Person record. 

■ Roaming user's replica stubs are monitored to ensure completion of 
replication. 

■ Roaming user's state is updated in the Person document. 
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(Optional) Using Alternate Naming 



Lotus Notes and Domino support adding an alternate name to a user's ID file. 
The biggest benefit to using alternate names is for international companies to: 

■ Identify organizations and organizational units in multiple languages. 

■ Allow users to be identified in two languages. 

Alternate names give a user the ability to use their native language and character 
set for display and name lookup purposes. For example, a Chinese person 
could be known in the U.S. by given-name-first, surname-last, as is U.S. custom. 
In China, the person would be known by surname-first, given-name-last, as is 
Chinese custom. 

Note: A user ID may contain only one alternate name. 




Checklist: Assigning alternate name 



Complete these tasks to create and assign alternate names. 





Task 


Procedure 


□ 


1 


Add an alternate language to a certifier ID. 


□ 


2 


Add an alternate name to a user: 

a. Register a new user with an alternate name. 

b. Recertify a user with an alternate name. 



Administering IBM Lotus Domino 6: Managing Servers and Users 



39 



Lesson 1 ■ Managing Users and Groups 



(Optional) Using Alternate Naming... (continued) 




Task 1: Add an alternate language to a certifier ID 



Before being able to add an alternate name to a user's ID file, the certifier ID must 
permit the use of an alternate language. 

Follow these steps to add an alternate language to a certifier ID. 



Step 


Action 


1 


From Domino Administrator, click the Configuration tab. 


2 


Choose Tools->Certification->Certify. 


3 


Select the certifier ID, and click Open. Click OK. 


4 


Enter the password, and click OK. 


5 


Select the 0 or OU certifier ID to recertify, and click Open. 


6 


Enter the password, and click OK. 


7 


Click Add. Select a Language, and enter an organization or organization unit, 
and then click OK. 


8 


Click Certify to complete the registration. 



Notes: 

■ An Organizational Unit certifier or a user is certified by its parent certifier. 

■ An Organization certifier acts as its own parent. Therefore, the organization 
certifier ID file is both the certifying ID and the ID to be certified. 
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(Optional) Using Alternate Naming. ..(continued) 




Once you have set up the alternate language in a certifier, you may register users 
and specify their alternate name. Follow these steps to add an international user. 



Step 


Action 


1 


From Domino Administrator, click the People & Groups tab. 


o 
c. 


onoose loois^reopie^riegisier. 


o 
O 


If necessary, select the certifier ID, and then click OK. 


A 

4 


truer xne ceriiiier passworo, ano ciick 


5 


Add the required information to register a user. 


6 


Select Advanced to see more registration options. 


7 


On the ID Info panel, select the certifier ID file that contains an alternate 
language. 


8 


On the Other panel, complete the following fields: 

■ Alternate name language 

■ Alternate name 

■ (Optional) Alternate org unit 


9 


Click 


10 


Click Register. 


11 


When complete, click OK and then click Done. 
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(Optional) Using Alternate Naming. ..(continued) 



Adding alternate names 



If alternate languages are added after initial registration, edit Person documents 
and recertify users to add alternate name representations. 



Task 2b: Recertify a user with an alternate name 



Follow these steps to add an alternate name to an existing user during 
recertification. 



Step 


Action 


1 


From Domino Administrator, click the Configuration tab. 


2 


Choose Tools-> Certification^ Certify. 


3 


Select the certifier ID containing an alternate language, and click Open. 


4 


Enter the password, and click OK. 


5 


Select the user ID that needs an alternate name assigned, and click Open. 


6 


Enter the password, and click OK. 


7 


Click Add. Select a Language, and enter a Common Name, then click OK. 


8 


Click Certify to complete the registration. 
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(Optional) Using Corporate Hierarchy 



In addition to alternative names, administrators can define the user's, corporate 
hierarchy. Corporate hierarchy lists addresses by corporate departmental 
structure. Defining a user in the corporate hierarchy is a common way of finding a 
person in the directory in many corporations. 



Adding corporate hierarchy information to a user 



Users are often identified by their position in the corporate hierarchical structure. 
Follow these steps to add corporate hierarchy information. 



Step 


Action 


1 


From Domino Administrator, select the appropriate server. 


2 


Click the People & Groups tab->Domino Directories section-> 
Your Directory section-> People view. 


3 


Select the user, and click Edit Person. 


4 


Click the Work/Home tab->Corporate Hierarchy Information tab. 


5 


Add the correct information for the user's position in the corporate structure. 


6 


Click Save & Close. 
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Managing Groups 

Groups are lists of users, groups, and servers that have common traits. They are 
useful for mailing lists and access control lists. Using groups can simplify 
administration tasks. 

By default, the Domino Directory contains two groups: 

■ LocalDomainServers - all servers in the current domain. Domino automatically 
adds servers that you register in the current domain to this group. 

■ OtherDomainServers - all servers that are not in the current domain. 



Group types 



The group type specifies the purpose of the group and determines the views in the 
directory and Domino Administrator where the group name appears. For example, 
mailing list groups appear on the Messaging tab in the Mail Users view. Domino 
applications include the following default group types. 



Group Type 


Description 


Multi-purpose 


Use for mail and access control to databases and servers. 
This is the default group type. 


Access Control 
9® List only 


Use to control access to servers and databases only. 


Mail only 


Use for mail distribution lists only. 


m Servers only 


Use in Connection documents. This group type displays in 
the Domino Administrator client's Domain Bookmarks for 
grouping purposes. 


m Deny List only 

m 


Use to deny terminated users, or other users, access to the 
Domino environment. This group type does not appear in 
the Groups view. The Administration Process will not delete 
members of the group. 
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Managing Groups...(continued) 




View groups 



Follow these steps to view the current groups. 



Step 


Action 


1 


From Domino Administrator, select the Hub/SRV/WWCorp server. 


2 


Click the People & Groups tab-> Domino Directories section-> 
WWCorp's Directory section->Groups view. 

Result: What symbol indicates a multi-purpose group? 


3 


List the group names in each of the following categories. 
Result: 

■ Mail only: 

■ Access control list only: 



Creating a new group 



New groups are created to support additional organizational needs. For example, 
a team is formed for a specific project. A multi-purpose group is used as a mailing 
list and to determine access to team-specific databases. Administrators require 
the Domino Directory [GroupCreator] role. 



Manageable group names 



There is no limit to the number of names in a group. However, the total number of 
characters used for names in the group cannot exceed 15 KB. To keep groups 
manageable, split a large list of users into two or more groups. 
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Managing Groups...(continued) 




Creating a deny access group 



Worldwide Corporation requires a terminations group. When employees leave the 
company, they are added to this Deny Access list to prevent them from accessing 
the server from an ID they may have taken with them. 

Follow these steps to create a terminations group. 



Step 


Action 


1 


From Domino Administrator, select a server. 


2 


Click the People & Groups tab-> Domino Directories section-> 
Your Directory section->Groups view. 


3 


Click Add Group. 


4 


On the Basics tab, complete the following fields: 

■ Group name: Unique name describing the group's use, for example, 
Discharged Employees 

■ Group type: Deny List only 

■ Description: Group definition that appears in the view 

■ Members: Users recently removed from the system. For example, 
deleted users. Enter names or press enter to select from a directory. 


5 


On the Administration tab, complete the following fields: 

■ Owners: Users allowed to change the group membership 

■ Administrators: Users allowed to edit the Group document 

■ Allow foreign directory synchronization: Group is copied to foreign 
directories during synchronization. 


6 


Click Save & Close. 



Note: Deny List only groups appear in the Domino Directory in the Deny Access 
Groups view. 
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Renaming a Group 

To guarantee a name change is propagated throughout an organization, 
administrators should rename a group using the Administration Process. 



Administration Process rename group requests 



The following table lists the places a group name is updated and the timing. 



Renames 
Group in... 


When 


Result 


Domino 
Directory 


1 hour 


Updates the group's name in the Domino Directory, 
except in Person documents. 


Access 
Control List 


1 hour 


Each server in the domain updates the group's name in 
ACLs of databases for which it is an administration server. 


Person 
documents 


Daily 


Updates the name in Domino Directory Person documents. 


Reader/ 
Author fields 


Weekly 


Each server in the domain updates the group's name in the 
Reader/Author fields of the databases for which it is named 
as Administration server and that have specified the ACL 
option Modify all Reader/Author fields. 



Note: The timing shown for each task is the default. 



Changing a group name 



Administrators require the Domino Directory [GroupModifier] role to rename a 
group. Follow these steps to rename a group using the Administration Process. 



Step 


Action 


1 


From Domino Administrator, select a server. 


2 


Click the People & Groups tab->Domino Directories section-> 
Your Directory section->Groups view. 


3 


Select the group to rename. 


4 


Choose Actions-^ Rename Group. 


5 


Click Yes to confirm the rename. 


6 


Enter the new name, and click OK. 


7 


Click OK to complete the rename. 
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Deleting a Group 

Deleting a group affects many different elements of the Domino environment. 
Use the Administration Process request Delete group in the Domino Directory to 
delete a group. 



Delete group requirements 



Administrators require one of the following access levels in the Domino Directory 
to delete a group: 

■ Author with Delete documents access and the [GroupModifier] role 

■ Editor with Delete documents access 



Deleting a group 



Once administrators have the correct privileges, they can delete any group. 
Follow these steps to delete a group. 



Step 


Action 


1 


From Domino Administrator, select a server to administer. 


2 


Click the People & Groups tab -> Domino Directories section-> 
Your Directory section-^ Groups view. 


3 


Select the group for deletion. 


4 


Click Delete Group, and click Yes to continue. 

Result: If the server is running Windows NT, Domino Administrator will 

prompt to delete the corresponding group account from Windows NT User 

Manager. 


5 


Click Yes to delete the group account. 


6 


Select one of the following options: 

■ Yes: Immediately deletes all references to the group in the current replica 
of the Domino Directory. 

■ No: Posts a Delete in Directory request in the Administration Requests 
database. The Administration Process deletes references to the group in 
the Domino Directory and database ACLs. 


7 


Click OK. 
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Changing Group Membership 

In addition to creating, renaming, and deleting groups, administrators may need to 
change a user's group membership. For example, a user moves to a different 
position in the company and now requires a different set of group affiliations 
reflecting new responsibilities. 



fc^X Viewing group membership 



Maintaining group membership requires determining the groups a user belongs 
to. Follow these steps to view group membership. 



Step 


Action 


1 


From Domino Administrator, select a server. 


2 


Click the People & Groups tab. 


3 


Choose Tools->Groups->Manage. 


4 


From the People and Groups Look in drop-down box, select the appropriate 
directory. 


5 


Select a group from the listing in the left pane. 


6 


From the Group Hierarchies Look in drop-down box, select the appropriate 
directory listing. 


7 


Select Only member hierarchies. 


8 


Expand groups to view the membership for the group. 


9 


Click Done. 
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Assign Users to a Group Exercise 




Worldwide Corporation uses an application database to record User and 
Technical Support calls. Only the support staff needs access to this 
database. 



Classroom 
Scenario 




Create a group 



Create a group with the following characteristics: 

■ A name reflecting how the group is used 

■ A group type appropriate to use 

■ Members, including: 

■ All servers - for replication 

■ Two users you created earlier 

■ All administrators 

Answer the following questions: 

■ What did you name the group? 

■ What group type did you use? 
Why? 

■ List the group members. 

Perform the following tasks: 

■ Change one member to a different group. 

■ (Optional) Delete the group you just created. 



50 



Administering IBM Lotus Domino 6: Managing Servers and Users 



Lesson 2 ■ Managing Notes and Non-Notes Clients 




Managing Notes and 
Non-Notes Clients 



It is not always possible, practical, or necessary for every employee in a company 
to have access to a computer with a Lotus Notes client. This lesson covers how to 
manage users who need to access the Domino environment using a Notes client 
and a non-Notes client. 

Objectives 

After completing this lesson, you should be able to: 

s Set up browser clients. 

s Update Notes client software. 
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Non-Notes Client Users 

Non-notes client users are users who do not use a Notes client to access the 
Domino environment through a Web browser or another e-mail client. A Domino 
server supports these internet protocols used by non-Notes clients: IMAP, LDAP, 
POP3, and HTTP 

User types include: 

■ Registered users: Users listed in the Domino Directory or a trusted 
directory with: 

■ A valid user name and password 

■ A valid Internet (X.509) certificate 

■ Non -registered users: Users who do not have an Internet (X.509) certificate, 
Internet password, or are not listed in the Domino Directory or a trusted 
directory. 



Registered users 



Registered users listed in the Domino Directory or a trusted directory can access 
restricted resources on the Web server. To register a non-Notes client user, 
an administrator can do any of the following: 

■ Create a Person document in the Domino Directory. 

■ Set up Directory Assistance to authenticate via a trusted directory. 

■ Refer to Lotus Domino Administrator 6 Help topic Name-and-password 
authentication for Internet/intranet clients for more information. 

■ Build a registration application to allow users to register themselves. 



Non-registered users 



A non-registered user is assigned the user name Anonymous when accessing 
the Domino Web server: 

■ By default, the Domino Web server allows Anonymous access. 

■ If the administrator prevents Anonymous access, all Web clients will be 
required to provide a name and password in order to access the server. 
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Registering a Non-Notes Client User 

As mentioned earlier, there are three ways to register non-Notes client users. 
The most straightforward way is creating a Person document for the user. 




A new Sales department employee needs to access mail via a Web 
browser. Since she will need access to many restricted databases, 
she must be registered in the Domino Directory. 



Classroom 
Scenario 




Register the non-Notes client user 



Follow these steps to create an entry for the new user. 



Step 


Action 


1 


From Domino Administrator, select your assigned server. 


2 


From the People & Groups tab, choose Tools ->People-> Register. 


3 


Enter the certifier password, and click OK. 


4 


If necessary on the Certifier Recovery Information Warning dialog box, 
click OK. 


5 


Select Advanced to see more registration options. 


6 


On the Basics panel, complete the following fields: 

■ Registration Server: Your assigned server 

■ First name and Last name: Make up a name 

■ Password: lotusnotes 

■ Password Options: 

■ Password Quality Scale: Weak password, not very secure (4) 

■ Select Set internet password. 

■ Click OK. 



(continued on next page...) 
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Registering a Non-Notes Client User... (continued) 



Register the non-Notes client user... 



Step 


Action 


7 


On the Mail panel, complete the following fields: 

■ Mail System: POP 

■ Mail Server: Your assigned server 

■ Mail file owner access: Manager 


8 


If necessary, on the Address panel, complete the following fields: 

■ Internet Domain: wwcorp . com. 

■ Internet address: FirstInitialLastName@wwcorp.com 


9 


On the ID Info panel, complete the following fields. 

■ Deselect Create a Notes ID for this person. 

■ Certifier Name List: Your regional certifier ID (either East.id or West.id) 


10 


Click f£ to add the user to the Registration Queue. 


11 


Click Register. 


12 


Click OK to confirm the user was successfully registered, and then click Done. 
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Testing User Access 

To complete the procedure of adding a non-Notes client user, test the user's 
access to mail via a Web browser. 




Test access to the mail database from a Web browser 



Follow these steps to open the user's Mail database from a Web browser. 



Step 


Action 


1 


Open a Web browser. 


2 


Enter the URL for the mail database. For example, enter: 

http : / /hub . wwcorp . com/mail /mgrassi . nsf 

Result: A dialog box displays stating Do you want to install and run "Lotus 

Domino applet." 


3 


Click Yes. 


4 


Enter the user name and password. 


5 


Once you have successfully opened the mail database, close the 
Web browser. 



Distribute user information 



After a successful test, distribute the login information to the user. Distribution 
options include: 

■ Give a hard copy of the information to the user during client setup. 

■ E-mail the information to the user using an alternate e-mail system. 

■ Place the user information in a secure database on a Web site where users 
can maintain their user information and change their password. 

■ Use postal mail to send the information to the user. 
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Upgrading Client Software 

IBM Lotus Notes Smart Upgrade allows administrators to configure and distribute 
Notes client upgrades to any subset of clients using Notes as a distribution 
mechanism, eliminating the need for desk side visits. 



Checklist: Setting up Lotus Notes Smart Upgrade 



Administrators create the kit database, download kits from the Lotus Developer 
Domain, and create associated kit documents. Lotus Notes Smart Upgrade 
utilizes a database based on the SmUpgrade.ntf template. Follow these steps to 
set up Lotus Notes Smart Upgrade. 



Task 


Procedure 


1 


Create the Lotus Notes Smart Upgrade database. 


2 


Add a database link to the Configurations Settings document. 


3 


Obtain an upgrade kit. 


4 


Create a document for the Smart Upgrade kit. 


5 


Create or modify desktop settings with upgrade information. 


6 


Create or modify a master policy and add the desktop policy. 


7 


Assign policy to Person document(s) or one or more groups. 



Task 1: Create the Lotus Notes Smart Upgrade database 



Follow these steps to create the Lotus Notes Smart Upgrade database. 



Step 


Action 


1 


In the Domino Administrator, choose File-> Database-^ New. 


2 


In the New Database dialog box, enter the following information: 

■ Server: <your server name>/ SVR/WWCorp 

■ Database title: Smart Upgrade Kits 

■ File Name: smartupg .nsf 


3 


Select your sever as the template server. 


4 


Select the Show advanced templates checkbox. 


5 


Select Smart Upgrade Kits (6) (SmUpgrade.ntf) from the list, and then 
click OK. 

Result: The database is created and opens. 
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Upgrading Client Software... (continued) 



Task 2: Add a database link to the Configuration Settings 
document 



Follow these steps to add the Lotus Notes Smart Upgrade database link to the 
Configurations Settings document. 



Step 


Action 


1 


With the Smart Upgrade Kits database open, choose Edit->Copy As Link-> 
Database Link. 


2 


From Domino Administrator, click the Configuration tab-> 
Server section -^Configurations view. 


3 


Select the appropriate Configuration Settings document, and click Edit 
Configuration. 


4 


On the Basics tab, right-click inside the Smart Upgrade Database link field, 
then choose Paste. 


5 


Click Save & Close. 



Task 3: Obtain an upgrade kit 



Download an upgrade kit from the Lotus Developer Domain at the following URL: 

http : / /www- 10 . lotus . com/ ldd/ down . ns f 



Task 4: Create a document for the Smart Upgrade kit 



Follow these steps to add the upgrade kit to the Lotus Notes Smart Upgrade 
database. 



Step 


Action 


1 


With the Smart Upgrade Kits database open, click New Kit. 


2 


Use the following table to complete the fields on the Basics and Data tabs. 


3 


Click Save & Close. 


4 


Select the document you just created and click Enabled. 
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Upgrading Client Software... (continued) 



The Lotus Notes Smart Upgrade Kits database 



The following table describes the fields in the Lotus Notes Smart Upgrade Kits 
database main view. 



Field Name 


Description 


Basics tab 


Source version 


The minimum version of Notes required on the client for 
this kit. The source version needs to exactly match the 
version string displayed in Notes Help-> About. If there is 
an * in the field (usually for full install kits), any version of 
Notes client can use this kit to upgrade. 


Destination version 


The version of Notes in the upgrade kit. This value is used 
to string together multiple upgrade kits. For example: 

■ V6.0^V6.1 

■ V6.1^V6.2 


Operating system 


The operating system for which the upgrade kit is designed. 


Localization 


The language of the upgrade kit. 


Restart Lotus Notes after 
upgrade completes 


Select this option to automatically restart the Notes client 
after the upgrade. 


Enabled 


Select this option to enable the kit to be used for upgrades. 


Data tab 


Location of Upgrade Kit 


■ Select Attached to this note, and then attach the 
upgrade kit file in the Attach Upgrade Kit here field. 

■ Select On a shared network drive, and then enter the 
complete path to the network drive that stores the 
upgrade kit in the Full path to Upgrade Kit field. 


Optional arguments 


Enter any arguments to be used when launching the 
setup program. 


Administration tab 


Allowed Users 


Enter the names of users who are allowed to use this 
Upgrade Kit. If the field is empty, all users can use it. 
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Upgrading Client Software... (continued) 

Using Policy documents to update client software 



Refer to Appendix D: Additional Reference Material for more information on 
completing the following three tasks: 

■ Task 5: Create or modify desktop settings with upgrade information 

■ Task 6: Create or modify a master policy and add the desktop policy 

■ Task 7: Assign policy to Person document(s) or one or more groups 
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Lesson 3 ■ Managing Servers 




Servers 



An important part of an administrator's responsibilities is ensuring that the data 
stored on Domino servers is up-to-date and highly available. For this reason, it is 
important to have a full backup of important data ready to be restored in the event 
data has been damaged during a server crash. 

Objectives 



After completing this lesson, you should be able to: 

✓ Use the server console window. 
s Plan a backup process. 

^ Enable transaction logging. 

✓ Analyze Activity data. 
^ Automate server tasks. 
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Using the Server Console Window 



The Domino server console displays in a window during startup. Administrators can 
issue commands using this server console window. The following figure shows an 
example of Hub/SVR/WWCorp server console during startup. 



©Hub/SVR/WWCorp: Lotus Domino Server 



ev of the Domino D ii 
02/13/2003 09:57:59 
02/13/2003 09:57:59 
rp at 12/19/2002 08: 
3:49 AM. 

02/13/2003 09:57:59 
rp at 12/18/2002 08: 
7:24 PM. 

02/13/2003 09:57:59 
02/13/2003 09:58:00 
02/13/2003 09:58:00 
02/13/2003 09:58:00 



EJxJ 



02/13/2003 

02/13/2003 

\DataSntdat 

02/13/2003 

02/13/2003 

02/13/2003 

02/13/2003 

02/13/2003 

02/13/2003 

02/13/2003 

02/13/2003 

> _ 



09:58:00 
09:58:00 
a 

09:58:01 
09:58:01 
09:58:01 
G9:[,8:08 
09:58:08 
09:58:08 
09:58:12 
09:58:12 



PM Index update process started 

PM Missed scheduled replication with server East01/SUR/UWCo 
00:00 AM. Last replication couplet ion time: 12/18/2002 10:0 

PM Missed scheduled replication with server Ues fc01/SVfl/UWCo 
00:00 AM. Last replication completion time: 12/17/2002 06:5 

PM Database Server started 

PM Agent Manager started 

PM MT Collector: Started 

PM MI Collector: Using directory C:\LotusSDomino\Data\mtdat 

PM Router: Message Tracking is enabled 

PM Router: Message Tracking using directory C:\LotusNDoinino 

PM Mail Router started for domain MMCORP 

PM Router: Internet SMTP host hub in domain wwcorp.com 

PM Administration Process started 

PM AMgr: Executive '1* started 

PM AMgr: Executive '2' started 

PM HTTP Server: Using Web Configuration Uiew 

PM JUM: Java Uirtual Machine initialised. 

PM HTTP Server: Jaua Uirtual Machine loaded 



J 




Set properties for the server console window 



If the window properties are not set correctly, an administrator could accidentally 
pause the server, thereby preventing users from accessing the server. Follow these 
steps to set the properties for the server console window. 



Step 


Action 


1 


Click iU in the Window Title Bar, and then choose Properties. 


2 


In the Edit Options section, deselect QuickEdit Mode. 


3 


Click OK. 


4 


Select Modify shortcut that started this window, and click OK. 



Best practices for using the server console window 



After setting up a Domino server, it is best to secure the server machine in a 
locked room to prevent unauthorized access. Therefore, after server setup, 
there is usually little need to use the server console window. All server console 
administration can be accomplished using either Domino Console or Domino 
Administrator. 
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Defining a Backup Process 

After determining and documenting the current infrastructure, perform a complete 
backup of all servers before making any changes. Whether the infrastructure is 
new or was previously in place, a new administrator should establish a basis from 
which to recover lost data. 

There are two choices for backup procedures: 

■ Backup using the traditional method of making copies of files. 

■ Backup using transaction logging: Transaction logging creates log files that 
capture database changes allowing faster database updates and easier 
backup. 



Other important files to back up 



In addition to a full backup of files, copy the following ID files to a disk and store 
the disk in a secure place: 

■ Server IDs 

■ Organization and Organizational Unit certifier IDs 

■ Administrator and user IDs 

Never rely on replication as the sole method of database backup. 
Multiple copies of data in multiple locations does not ensure data integrity. 
A damaged or accidentally changed database may replicate, with the only 
Caution recourse being to recover the database from a server backup. 



Backup utilities 



Backup utilities are available for Domino 6. For more information on backup 
utilities, refer to the following Web sites: 

■ Lotus Developer Domain, htto;//www-1 QJotus.com/ldd 

■ IBM Tivoli software, http://www.ibm.corn/software/tivoli 
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Defining a Backup Prooess...(continued) 
Best practices for backups 



The following guidelines describe recommendations for backups and apply to 
both methods of backup: 

■ Back up all Domino server data files, including: 

■ Databases, template files, the Notes.ini file, ID files, and certifiers 

■ Files that may remain open during backup 

Domino keeps some files open while it runs (Log.nsf, Names.nsf, Mailbox 
and the server ID file). If the backup utility cannot back up open files, 
shut down the server before creating the backup file. 

■ User mail files 

■ Back up servers before and after major network changes. 

■ Using the company's standardized backup procedures, back up files either 
directly to media or to a file server and then to media. 



Suggested process for maintaining current data 

Back up databases (or logs in the case of transaction logging) incrementally 
Monday through Thursday and perform a full backup on Friday. 

Use a process that ensures backup on any given date. The following describes 
one suggested process which ensures the data is current as of: 

■ Yesterday (as a result of last Friday's full backup and this week's incremental 
backups) 

■ Each Friday of this month 

■ The last Friday of each month over the past 12 months 

■ The last Friday of each year the process has been in place 



When to reuse media 



The following are guidelines on using new media vs. reusing media: 

■ Reuse the media containing incremental backups each week. 

■ Use new media for backups on the last Friday of each month. 

■ Reuse the media on Friday of each month, except on the last Friday 
(use new media). 

■ Reuse each "last Friday" media each year, except the last one of the year. 
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What is Transaction Logging? 

A single transaction is a series of changes made to a database on a server — 
for example, a transaction might include opening a new document, adding text, 
and saving the document. 

Transaction logging allows the capture of system database changes to a log. If a 
system or media failure occurs, databases are recovered using the transaction log 
and a third-party backup utility. 



Transaction logging benefits 



The following table lists the main benefits of transaction logging. 



Feature 


Benefit 


In most cases, there is no 
need to run Fixup to 
recover databases after a 
server crash. 


Quicker server restarts. Transaction log recovery applies 
or undoes only those transactions not written to disk at the 
time of the system failure. 


Provides less possibility 
of corruption of 
databases. 


Data is written to a log, then from the log to the database. 
It is not committed to the database until the writing process 
is satisfied that it is written with full integrity. 


Allows Domino to defer 
database updates to disk 
during periods of high 
server activity. 


■ Saves processing time. 

■ Transactions are recorded sequentially in the log files, 
which is much quicker than database updates to 
random, nonsequential parts of a disk. 

■ Because the transactions are already recorded, Domino 
can safely defer database updates until a period of low 
server activity. 


Simplifies daily backup 
procedures. 


Use a backup utility to perform daily incremental backups 
of the Transaction logs, rather than perform full database 
backups. 



Note: Fixup is a server task that fixes any inconsistencies resulting from partially 
written operations after a server failure, power failure, or hardware failure. 
Database corruption is much less likely to occur in databases for which transaction 
logging is enabled. For more information on when to run Fixup, refer to Technote 
183377 When Should FIXUP Be Run on a Database? on the Lotus Support 
Services Web Site at http://www-3 ibm.com/software/lQtus/suppQrt . 
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What is Transaction Loggi ng?.. .(continued) 
Database identifiers and transaction logging 



When transaction logging is enabled, Domino uses a unique database identifier, 
the Database Instance ID (DBIID), to match transactions with specific databases. 

Some database maintenance activities cause Domino to assign a new DBIID to a 
database. As a result, Domino cannot restore these old transactions to the 
database because the transactions are linked to the database using the DBIID. 

Domino assigns a new DBIID to a database under the following circumstances: 

■ Transaction logging is enabled for the first time. 

■ The log path or maximum log size is changed after initial setup and use. 

■ A database is moved from one logged server to another logged server, or from 
a server not enabled for logging to a logged server. 

■ Compact server task is run with an option other than -b (In-place compacting 
with space recovery only). 

For more information on the different styles and options for the Compact 
server task, refer to the Lotus Domino Administrator 6 Help topic Compact 
options. 

■ Fixup task is run on corrupt databases. This repairs corrupted views and 
documents. 

Note: The Domino Server Log (Log.nsf) or console displays when the DBIID has 
changed and recommends a new backup. 
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Using Transaction Logging 

Transaction logging is available with the Domino Utility Server and Domino 
Enterprise Server types, and is configured in the Server document. 



Transaction logging styles 



The following table lists the transaction logging styles. 



Style 


Description 


Circular 


Transaction log files are reused in a cycle based on size. The size 
can be from 192MB to 4GB, as defined in the Server document. 
Old transactional logs are overwritten. 


Archive 


Transaction log files are not overwritten. New logs are created as 
needed and occasionally older inactive logs are archived to archive 
media. Active logs remain in the log directory. 


Linear 


Transaction log files are reused in a cycle with no size limit. 
Administrators backup and recover without archiving logs to media. 
The logs are reused, extending the size of the log, which provides a 
longer window of time for standard database backup recovery. 



Performance considerations 



Periodically, transaction logging creates a recovery checkpoint record in the 
Transaction log that lists each open database and the starting point transaction 
needed for recovery. 



The following table lists the choices for determining how often transaction logging 
records checkpoints. 



Option 


Description 


Standard (default) 


Records checkpoints regularly 


Favor runtime 


Records fewer checkpoints: 

■ Requires fewer system resources 

■ Improves server run-time performance 

■ Increases server restart time 


Favor restart recovery time 


Records more checkpoints: 

■ Improves restart recovery time 

■ Uses more system resources 
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Using Transaction Logging...(continued) 




Enable transaction logging 



Follow these steps to begin to log database transactions on your assigned server. 



Step 


Action 


1 


From Domino Administrator, click the Configuration tab-> Server section-^ 
All Server Documents view. 


2 


Select your assigned server, and then click Edit Server. 


3 


Click the Transactional Logging tab. 


4 


Complete the following fields: 

■ Transactional logging: Enabled 

■ Log Path: C : \Lotus\Domino\Data\Logdir 
(unless told otherwise by the instructor) 

■ Logging style: Circular 

■ Maximum log space: 20 MB 


5 


Click Save & Close. 


6 


Restart the Domino server to begin logging database transactions. 



Disabling transaction logging for multiple databases 



Transaction logging is enabled for the server, but administrators can disable 
transaction logging for particular databases. For example, consider disabling 
transaction logging for a database containing documents that do not change 
frequently. Follow these steps to select multiple databases and disable 
transaction logging. 



Step 


Action 


1 


From Domino Administrator, click the Files tab. 


2 


Select the databases that should not be included in the Transaction logs. 


3 


Choose Tools->Database-> Advanced Properties. 


4 


Select the boxes as shown in the following figure: 


Select Enable or disable these properties 


P p Disable transaction logging 


5 


Click OK. 
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Using Transaction Logging... (continued; 



Transaction logging best practices 



There are some database backup guidelines specific to transaction logging. 
The following table lists suggested schedules. 



Backup 


Schedule 


Full database 


Whenever database receives a new DBIID 


Logged databases 


Full backups weekly 


Database not being logged 


More than once a week 


Transaction log 


■ Incrementally Monday through Thursday 

■ Full backup on Friday 



The following outlines additional backup considerations: 

■ Archive Transaction Log files (use a backup utility to schedule archiving 
of log files). 

■ Use a dedicated device with a separate controller and an empty drive with a 
large amount of space (192 MB minimum). 

■ When using Compact: 

■ Carefully schedule compactions. 

■ Schedule compaction with a full database backup when using the 
Compact task with the options, such as reduce file size. 

■ Carefully schedule Fixup tasks (or do not use Fixup). 

Note: For more information refer to the Lotus Domino Administrator 6 Help topic 
Transaction logging. 
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What is View Logging? 

View logging is an extension of transaction logging. With view logging enabled, 
views do not require rebuilding during server restart because the information is 
captured in the Transaction log and restored from that log resulting with less 
server downtime. 



Viewing logging considerations 



The following is a list of considerations regarding view logging: 

■ Individual views must have view logging enabled. 

■ Only Domino 6 databases can use view logging. 

■ Criteria to use when deciding to enable view logging: 

■ Traffic volume 

■ Visibility 

■ Business criticality 

■ Full view rebuilds are not logged. 



Enable view logging 



Follow these steps to enable view logging for the All Documents view in your 
mail file. 



Step 


Action 


1 


From the Files tab, open your mail file. 


2 


Choose View-> Design. 

Result: Domino Designer opens displaying the mail file's design elements. 


3 


In the Bookmarks pane, expand Views (click the +). 


4 


Scroll down to select the ($AII) view. 


5 


Click OK on the informational message. 

Result: The view and its properties dialog box display. 


6 


In the View properties dialog box, select the St? tab. 


7 


In the Logging section, select Include updates in transaction log. 


8 


Choose File->Save, and then File->Close. 


9 


Close Domino Designer. 
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Using Activity Logging 

Activity logging tracks server usage by database, user, protocol, and activity, by 
retrieving activity data from the Domino Server Log (Log.nsf). Graphic charts that 
break down server activity by user and database answer the question "what is the 
server doing?". Domino logs only activity that can be assigned to a specific user, 
not overhead like indexing and compaction. 

Companies can use this information to: 

■ Track usage by department or business unit for determining charge 
back amounts. 

■ Monitor usage as it impacts server performance in order to balance usage 
between servers. 

■ Plan for system resources and clustering requirements. 



Configuring activity logging 



Administrators enable and configure activity logging in the Configuration Settings 
document. The fields on the Activity Logging sub-tab determine how frequently to 
log activity session data. The frequency interval is called a checkpoint. The following 
table describes these fields. 



Field 


Description 


Enabled logging types 


The server tasks to use to produce activity logging data. 
Some examples include: 

■ Domino. Notes. Database 

■ Domino.Notes.Session 

■ Domino.Replica 

■ Domino. Mail 

■ Domino.HTTP 


Checkpoint interval 


The frequency (in minutes) for creating checkpoint 
records. The default is 15 minutes. 


Log checkpoint at midnight 


Select Yes to automatically create Notes session and 
Notes database checkpoint records every day at midnight. 


Log checkpoints for prime 
shift 


Select Yes to automatically create Notes session and 
Notes database checkpoint records every day at the 
beginning and end of a specific time period. 


Prime shift interval 


Specify the start and end time for the prime shift. 
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Using Activity Logglng...(continued) 
s^^\ Starting activity logging on a server 



Follow these steps to start logging activity data on a server. 



Qtan 

oiep 


Acnon 


I 


rrom uomino Administrator, ciick iriB isoniiguraiion iau^ 
Server section-> Configurations view. 


2 


Select the appropriate Configuration Settings document, and click 
Edit Configuration. 


3 


Click the Activity Logging tab. 


4 


Select Yes next to Activity Logging is enabled. 


5 


Select the appropriate Enabled logging types. 


6 


Enter the appropriate Checkpoint interval. 


7 


Select Yes next to Log checkpoints at midnight. 


8 


Select Yes next to Log checkpoints for prime shift. 


9 


Select a range for the Prime shift interval. 


10 


Click Save & Close. 
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Analyzing the Activity Data 

Domino writes the activity logging information in the Domino Server Log (Log.nsf). 
There are different methods for analyzing the activity data: 

■ Run an activity analysis. 

■ Write a Notes API program to access the information in the log file. 

■ Use a tool to analyze past activity trends (requires IBM Tivoli Analyzer for 
Lotus Domino). 

For more information about activity logging data in the Log file, refer to the Lotus 
Domino Administrator 6 Help topic The information in the log file. 

Running Activity Analysis creates detailed information about the types and 
quantity of activity on the Domino server. The results are stored as documents in 
the Activity Analysis database, Loga4.nsf. 




Run an activity analysis to determine usage 



Follow these steps to analyze activity data in the log file, and answer the questions. 



Step 


Action 


1 


Click the Server tab-> Analysis tab. 


2 


Choose Tools->Analyze-> Activity. 


3 


In the Server Activity Analysis dialog box, verify the following fields: 

■ Start Date: Yesterday 

■ End Date: Today 


4 


Click OK. 

Result: Domino Administrator generates and opens the Activity Analysis 
database. 


5 


In the results database, expand the Server Activity section. 

■ Which database has your user ID used most today? 

■ Which Notes user sent and received the most bytes today? 

■ What is the combined content length of all HTTP requests? 


6 


Close the Activity Analysis database. 
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Analyzing the Activity DBtB...(continued) 
IBM Tivoli Analyzer for Lotus Domino 



Activity trends aid in the planning and maintaining of a Domino environment. 
A separate product, IBM Tivoli Analyzer for Lotus Domino, also helps 
administrators identify the critical server information to monitor and manage the 
overall health of a Domino server. This product includes two integrated system- 
management tools: 

■ Server Health Monitor: Offers real-time assessment and recommendations for 
server performance. 

■ Activity Trends: Provides data collection, data exploration, and resource 
balancing. 

Refer to Appendix C: IBM Tivoli Analyzer for Lotus Domino for more information. 
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Automating Server Tasks 



The Domino server requires regular, scheduled maintenance to function properly. 
The following table shows the most common server tasks that should be 
scheduled to run regularly. 



Server Task 


Description 


Updall 


Updall performs the following functions: 

■ Updates any view indexes or full-text search indexes that: 

■ Need updating 

■ Are corrupted 

■ Purges deletion stubs from databases 

■ Discards view indexes for views that have been unused for 45 days, 
unless otherwise specified in the database design 


Compact 


Compact performs the following functions: 

■ Recovers unused space after documents are deleted 

■ Reduces the file size of a database 



Options for automating server tasks 



To ease the workload for administrators, tasks that regularly run on a Domino 
server are defined in the initialization file (Notes.ini). There are other ways to 
automatically run tasks or programs, each with certain characteristics. 



Option 


Criteria 


Initialization file 
(Configuration Settings 
document/Notes. ini) 


■ Schedule daily tasks for particular time (on hourly basis). 

■ Add specific tasks. 

■ ServerTasks setting starts tasks automatically every time 
the server starts. 

■ ServerTasksAt setting starts tasks at a specified time. 


Program documents 


■ Are assigned to particular servers. 

■ Schedule for time, repeat interval, or days of week. 

■ Enable/Disable flag. 

■ Run tasks, defined programs, or executables. 


Agents 


■ Define per database only. 

■ Schedule for time, day, week, month, or manually 

■ Select documents to include. 

(D 

■ Run actions, formulas, LotusScript , or JavaScript. 


Administration Process 


■ Automate server tasks. 
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Automating Server Tasks... (continued) 




Classroom 
Scenario 



From monitoring log files, Worldwide Corporation's administrators 
determined that the Compact server task is not running regularly. 

Change the schedule to run Compact every other day and to compact 
using the In-place compacting with space recovery only style in 
order to prevent the assignment of new DBI IDs on transaction logged 
databases. 




Automate the Compact task with a Program document 



Follow these steps to automate the Compact task with a Program document. 





Step 


Action 




1 


Click the Configuration tab->Server section ^Programs view. 




2 


Click Add Program. 




3 


Complete the following fields: 






■ Program name: Compact 






■ Command line: -b 






■ Server to run on: Your assigned server 






■ Enabled/disabled: Enabled 






■ Run at times: 3 : 00 AM 






■ Repeat interval of: 0 






■ Days of week: Mon, Wed, Fri 




4 


Click Save & Close. 




5 


To view the schedule, do one of the following: 






■ Select the Server tab->Status tab-> Schedules section->Programs view. 






■ Issue the show schedule server console command. 
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Updating Servers 



When the Domino environment changes, administrators may need to update 
Domino servers to accommodate the changes. For example, Worldwide 
Corporation may decide to: 

■ Share one of its databases with a customer. 

■ Consolidate servers. 

■ De-centralize administrative tasks to the regions. 



Objectives 



After completing this lesson, you should be able to: 

✓ Set up communication with another organization. 

✓ Change server access. 

✓ Find all references of a server in a domain. 

✓ Analyze the effect of placing a server out-of-service. 

✓ Recertify a server ID. 

✓ Change administrators' access. 
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Authenticating With Another 
Organization 

If two companies wish to access each other's servers to route mail or replicate 
databases, the two companies need to cross-certify. Cross-certification is required 
if two entities, servers or users, do not share a certificate in common. 

What is cross-certification? 

Cross-certification allows servers and users with no common ancestral heritage to 
authenticate. Two important facts about cross-certification are: 

■ Cross-certification is a two-way process. Both organizations need to cross- 
certify each other. 

■ Cross-certification can be to or from an organization, organizational unit, 
server, or user. 

Results of the cross-certification process 

Cross-certification requires two-way trust. During the cross-certification process: 

■ Each organization cross-certifies an ID from the other organization. 

■ Each organization stores the cross-certificate it issues in the Domino Directory 
(or Personal Address Book for users). 

What cross-certification does not do 

Cross-certification does not: 

■ Alter either organization's hierarchical structure, any server's or user's 
distinguished name, or any ID. 

■ Necessarily give the other organization access to all your servers. 

■ Override server access control. 

■ Replace ACLs as the primary control mechanism for database access. 



Administering IBM Lotus Domino 6: Managing Servers and Users 



79 



Lesson 4 ■ Updating Servers 

Authenticating With Another Organization... (continued) 



Cross-certificate example 



The following diagram shows that Marcus Frank can authenticate with the EastOI 
server because he has a certificate from the same hierarchy as the server. 
However, Victor Jones cannot authenticate with EastOI because his certificate 
originated from another hierarchy. 

Victor Jones needs to obtain a cross-certificate to the WWCorp hierarchy. EastOI 
also needs a cross-certificate to the Earth hierarchy. 

The boxes in the diagram indicate IDs that contain certificates and keys. 




Note: Cross-certification does not need to be symmetric. Victor Jones can cross- 
certify at the SVR or WWCorp level. 
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Cross-Certifying Certifiers 

A company can issue cross-certificates between Organization or Organizational 
Unit certifiers. This type of cross-certification is appropriate when: 

■ Company A wants to grant access to multiple servers in its organization to a 
specific branch of Company B. 

■ Company A wants to have access to a particular branch of Company B's 
organization. 

■ Two organizations merge. 

Certifier-to-certifier example 



The following figure shows an example of two companies that have cross-certified 
at the certifier level. 



Domino 
Directory 

Cross- 
certificate 
Document 
OU=SVR 




The following table shows the cross-certificates. 



Cross-Certificate 
Issued by... 


Cross-Certificate 
Issued to... 


Cross-Certificate Stored 
in Directory for... 


/SVR/WWCorp 


/Earth 


WWCorp Domain 


/Earth 


/SVR/WWCorp 


Earth Domain 



/0=Earth and OU=SVR/0=WWCorp are cross-certified. This permits any user or 
server certified by Earth to authenticate with any user or server certified by 
/SVR/WWCorp. 



Domino 
Directory 



Cross- 
certificate 
Document 
0=Earth 
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Cross-Certifying a Certifier and Server 

A company can issue cross-certificates between an organization or 
organizational unit and an individual server or user. This type of cross-certification 
is appropriate when: 

■ Company A wants a specific server from Company B to have access to 
multiple servers in Company A's organization. 

■ Company A wants to authenticate with Company B's organization, but wants 
to limit their access to Company A's organization. 



Certif ier-to-server example 



The following figure shows an example of two companies that have cross-certified 
a certifier and a server. 



Domino 
Directory 

Cross- 
certificate 
Document 
OU=SVR 




The following table shows the cross-certificates. 



Cross-Certificate 
Issued by... 


Cross-Certificate 
Issued to... 


Cross-Certificate Stored 
in Directory for... 


/SVR/WWCorp 


USHub/SVR/Earth 


WWCorp Domain 


USHub/SVR/Earth 


/SVR/WWCorp 


Earth Domain 



The organizational unit, OU=SVR/0=WWCorp, is cross-certified with the server 
USHub/SVR/Earth. USHub is the only server in 0=Earth that can authenticate 
with any server or user certified by /SVR/WWCorp. 



Domino 
Directory 



Cross- ^ 
certificate 
Document 
CN=USHu 
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Cross-Certifying Servers 



A company can issue cross-certificates between individual servers or users. 
This type of cross-certification is appropriate when servers in different 
organizational units need access to the server of the other group, for example, to 
replicate databases stored on two servers. 



Server-to-server example 

The following figure shows an example of two companies that have cross-certified 
at the server level. 



Domino 
Directory 



Cross- 

certificate 

Document 

CN=USHu 



|WWCorp p 




Domino 
Directory 



Cross- 1^ 
certificate I 
Document 
CN=East01 



Earth f 




JP 



USHub p MailOl J[ J, Harris f 



The following table shows the cross-certificates. 



Cross-Certificate 
Issued by... 


Cross-Certificate 
Issued to... 


Cross-Certificate Stored 
in Directory for... 


East01/SVR/WWCorp 


USHub/SVR/Earth 


WWCorp Domain 


USHub/SVR/Earth 


East01/SVR/WWCorp 


Earth Domain 



In this example, the USHub and EastOI servers will authenticate successfully. 
Users who have access to these two servers can modify the same databases and 
send mail, even though they are not in the same organizations. 
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Cross-Certifying IDs 



The following table lists the methods that administrators can use to cross-certify IDs. 



Method 


Description 


Prior to connection 


The administrator cross-certifies the IDs. IDs are sent 
via electronic mail or postal delivery service. 


At the time of connection 


The administrator cross-certifies on the first attempt to 
access the server in another organization. 



Cross-certify both organizations 



To complete cross-certification, an administrator in each organization must create 
a cross-certificate. 



Documentation references 



For more information on the methods for cross-certification, refer to the references 
in the following table. 



Cross-certification method 


Lotus Domino Administrator 6 Help Reference 


Cross-certifying by electronic mail 


Adding a Notes cross-certificate for IDs by 
Notes mail 


Cross-certifying by disk media 


Adding a Notes cross-certificate for IDs by 
postal service 


Cross-certifying at the time of 
connection 


Adding a Notes or Internet cross-certificate 
on demand 
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Cross-Certifying lDs...(continued) 



Checklist: Creating a cross-certificate 



The administrator in each organization must complete these tasks to create a 
cross-certificate. 





Task 


Procedure 


□ 


1 


Create and mail a safe copy of the ID file. 


□ 


2 


Create the cross-certificate. 



fr^X Task 1 : Create and mail a safe copy of the ID file 



A safe copy of an ID is a copy of the ID without the private and encryption keys, 
The safe copy contains only the user information, public key, and certificates. 
No password is required to access the ID; however, the ID cannot be used to 
authenticate within the Domino environment. 



Follow these steps to create a safe copy of the ID to be cross-certified before 
sending it to the other organization's administrator. 



Step 


Action 


1 


Click the Configuration tab. 


2 


Choose Tools->Certification->ID Properties. 


3 


Select the ID file, and click Open. 


4 


Enter the ID password, and click OK. 


5 


Select the Your Identity section-^ Your Certificates panel. 


6 


Click Other Actions, and then choose Export Notes ID (Safe Copy). 


7 


Enter a file name for the safe ID, and click Save. 


8 


Click Close. 


9 


Mail the safe copy of the ID to the other administrator. 
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Cross-Certifying IDs.. .(continued; 
Task 2: Create the cross-certificate 



Follow these steps to generate a cross-certificate issued by your organization to 
the other organization. 



Step 


Action 


1 


Click the Configuration tab. 


2 


Choose Tools-> Certification^ Cross Certify. 


3 


Click Server, enter or select a registration server name, and click OK. 


4 


Click Certifier ID, select the certifier ID file, and click Open. 


5 


Click OK to continue. 


6 


Enter the certifier password, and click OK. 


7 


Select the safe copy received from the other organization, and click OK. 


8 


From the Subject name drop-down box, select the level within the other 
organization's hierarchy at which to cross-certify. 


9 


Accept or change the cross-certificate expiration date. 


10 


Click Cross Certify. 



Note: For successful authentication, the administrator in the other organization 
must complete this process to create a cross-certificate issued by the other 
organization to your organization. 



Deleting a cross-certificate to prevent authentication 



Delete the Cross-certificate document from the Domino Directory to prevent users 
and servers in the other organization from authenticating with that branch of your 
organization. 

Certificates are cached, so restart the server to prevent authentication with the 
organization specified in the deleted Cross-certificate document. 

As an additional precaution, deny access in your organization's Server documents 
to guarantee no access by the other organization. 

For example, if Worldwide Corporation is no longer doing business with Earth 
Corporation, a Worldwide administrator should delete the Cross-certificate 
document, and add */ Earth to the Not access server field on all servers in 
the domain. 
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Enable Cross-Organization 
Authentication Exercise 



J?^\3 Worldwide Corporation wants to share its customer database with its 
subsidiary, Earth Corporation. 

Worldwide employees update customer information on the Worldwide 
Classroom server, EastOI . The database replicates to ExternalOl for access by 
Scenario outside organizations. 

Likewise, Earth employees update customer information on the Earth 
server, NorthOL The database replicates to ExHubOl for access by 
outside organizations. 




Determine cross-certification levels 



In the graphic below, circle the certifier, server or user level in each organization 
that should cross-certify with the other organization. 



There are many possible cross-certification options. Choose the best option that 
provides the required access, but does not provide users or servers with 
unnecessary access to servers. 




Complete the table to indicate the cross-certificates to create in order to enable 
the cross-organization communication you proposed in the graphic. 



Cross-Certificate 
Issued by... 


Cross-Certificate 
Issued to... 


Cross-Certificate Stored 
in Directory for... 
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Allowing Server Access to Other 
Organizations 

A cross-certificate permits a user or server in another organization to authenticate 
with a server in your organization, however, this does not guarantee that the 
server permits access to the user or server in the other organization. The server 
access fields in the Server document control access by the servers and users in 
the other organization. 



Recommendations for access by other organizations 



Cross-certifying with another organization allows for the other organization to 
authenticate with servers in your organization. It is important to correctly complete 
the server access fields in your organization's Server documents to permit access 
to the appropriate users or servers in the other organization. Likewise, it is 
important to prevent access to unauthorized users and servers in the other 
organization. 

The following table suggests how to set the Access server field depending on the 
level at which cross-certification occurred. 



Cross-certified with Other 
Organization's... 


Set Access Server Field This Way... 


0 certifier 


Branch of organization hierarchy, for example, 
•/Earth 


OU certifier 


Branch of Organizational Unit hierarchy, 
for example, 7US/Earth 


Server 


Server's name 


User 


User's name 



Tip: If cross-certification is at the server level, administrators can add an extra 
layer of security as a precaution by adding the other organization's hierarchy to 
the Not access server field for all other servers in your organization. 
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Allowing Server Access to Other Organizations. ..(continued) 

Worldwide Corporation will adhere to the following guidelines: 

■ All Worldwide employees are permitted access to all regional servers. 

■ All regional servers are secured against access by employees of 
organizations with which Worldwide has cross-certified. 

■ Only the external server will allow access by employees of Earth 
Corporation. 




Modify the server access fields 



Follow these steps to implement the access described in the above scenario. 



Step 


Action 


1 


From Domino Administrator, click the Configuration tab->Server section-^ 
All Server Documents view. 


2 


Select your assigned Server document. 


3 


Click Edit Server. 


4 


Click the Security tab. 


5 


In the Server Access section, complete the following fields: 

■ Access server: Add * /WWCorp 

■ Not access server: Add */ Earth 


6 


Click Save & Close. 



Modifying database ACLs 



For another organization's users or servers to gain access to a database in your 
organization, the following three security mechanisms must be set properly: 

■ The Cross-certificate document exists to permit the user or server in the other 
organization to authenticate. 

■ The server access fields in the Server document permit access to the server. 

■ The database ACLs permit access to the database. 

If one of these three mechanisms is not set properly, the user or server from the 
other organization fails when accessing a database in your organization. 




Classroom 
Scenario 
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Finding Instances of a Server's Name 

To locate instances of a particular server name in the domain, use the Find server 
tool on the Server Analysis tab. This is a useful tool when an administrator needs 
to move a server to a new location in the hierarchy or decommission a server. 



How to find a server in a domain 



The Find Server tool immediately creates an Administration Process Request to 
find the selected server name(s). The next time the Administration Process carries 
out new requests, it creates a document as a response to the original request. 
To start the search before the next Administration Process time interval, issue the 
following command from the Server tab->Status tab->Server Console view: 

tell adminp process new 

The resulting response document to the original Administration Request 
document contains document links and database links to the following 
occurrences of the name in: 

■ Domino Directory documents 

■ Group name(s) in Policy documents 

■ Database ACLs of all databases 



Finding users or groups 



Administrators can also use the Find tool to find users and groups. It is context 
sensitive and located on the Tools pane in Domino Administrator. It will find: 

■ Users, when the People view is selected 

■ Groups, when the Groups view is selected 
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Finding Instances of a Server's Name... (continued; 



Worldwide Corporation administrators want to upgrade a server that 
keeps crashing. This server will have a different name. It is necessary to 
find all places where the old server is referenced. 




Find your assigned server 



A request to decommission a server is approved. Follow these steps to find all 
instances of the server in the current domain. 



Step 


Action 


1 


From Domino Administrator, select your assigned server to administer. 


2 


Click the Server tab->Analysis tab. 


3 


Choose Tools-> Analyzed Find Server. 


4 


Select your assigned server from the list box, and click OK. 

Result: A message displays indicating that an administration request will be 
initiated to search the enterprise for the server name. 


5 


Click Yes. 

Result: A request is created in the Administration Requests database. 


6 


To replicate the changes to the Administration Requests database 
throughout the classroom domain, follow these steps: 

a. Click the Server tab->Status tab-> Server Console view. 

b. Click the Live button. 

c. Enter the following text on the command line, and then click Send. 

< Rep . txt 


7 


To speed processing, follow these steps: 

a. Click the Server tab->Status tab->Server Tasks view. 

b. Right-click the Admin Process task, and then choose Tell Task. 

c. Select New requests, and click OK. 

Result: The Administration Process creates a Response document to the 
original Administration Process Request document, performs the search on 
the server, and then posts document links and directory links to each 
occurrence of the server name in the Response document. 



(continued on next page. . .) 




Classroom 
Scenario 
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Finding Instances of a Server's Name.. .(continued) 



Find your assigned server... 



Step 


Action 


8 


Repeat Step 6 to replicate the changes to the Administration Requests 
database throughout the classroom domain. 


9 


Click the Analysis tab-> Administration Requests (R6) section-> 
All Requests by Name view. 


10 


Expand the section for your assigned server. 


11 


Open the response to the document titled Find Name in Domain. 


12 


Click some of the database links, then view the database ACL to verify that 
your assigned server is listed in the ACL. 
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Placing a Server Out-of-Service 

At times, administrators may find it necessary to place a server out-of-service. 
For example, a server's equipment has become outdated, and will be retired 
(decommissioned). 



Decommission Server Analysis tool 



Domino Administrator includes a tool to analyze the effect of decommissioning a 
server by comparing two servers: 

■ The server to decommission 

■ The target server to inherit new tasks 

The Decommission Server Analysis tool stores the comparison in a Results 
database. The results database, Decommission Server Analysis, Decomsrv.nsf: 

■ Contains a separate document for each item compared 

■ Marks problems or inconsistencies to correct before decommissioning 

Manual process to decommission the server 



The Decommission Server Analysis tool does not automate the process of retiring 
the server; however, the tool aids this process by showing the places that need 
attention before the server is decommissioned. Decommissioning the server is a 
manual process. 

Note: There are additional tasks required to decommission a Domain Search 
server. For more information, refer to the Lotus Domino Administrator 6 Help topic 
Decommissioning a Domain Search server. 
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Placing a Server Out-of-Service... (continued) 



Analyzing the effect of decommissioning a server 



Follow these steps to run a Decommission Server Analysis. 



Cfon 


Ml* MUM 


1 


From Domino Administrator Hirk thp Server tah-^ Analv^iQ tah 


2 


Choose Tools-> Analyzed Decommission Server. 


3 


Select the Source Server and Target server. 


4 


To change the location or file name for the results database: 

a. Click Results Database. 

b. Select the Server to store the results database. 

c. Enter the Title and File Name for the results database. 

d. Click OK. 


5 


Select one of the following options: 

■ Append to this database 

■ Overwrite this database 


6 


Click OK. 
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Updating a Server ID 

Each server ID contains, among other things, a password, the server's location 
within the hierarchy and a certificate expiration date. It may be necessary to 
update a server ID under the following circumstances: 

■ To change or remove the password 

■ To extend the certificate expiration date for the server 




(Optional) Remove the server ID password 



In order to store the server ID in the Domino Directory during server registration, 
the ID must be password-protected. However, it is often more convenient to not 
have a server ID password (for example, for remote server restart). Follow these 
steps to remove the password on the server ID. 



Step 


Action 


1 


Shutdown your assigned server to close the server ID file. 


2 


From Domino Administrator, click the Configuration tab. 


3 


Choose Tools->Certification->ID Properties. 


4 


Select the server ID file located in the \Domino\Data directory, 
and click Open. 


5 


Enter the server ID password, and click OK. 


6 


Click Change Password. 


7 


Enter the server ID password once again, and click OK. 


8 


Click No Password. 

Note: To change the password instead of removing the password, enter and 
confirm the new password. 


9 


If prompted, select Yes to the question Confirm your choice for No Password?. 


10 


Click OK when the password is successfully changed. 


11 


Click OK to close the ID Properties dialog box. 


12 


Start your assigned server. 



Note: The Restart server console command does not prompt for a server ID 
password. However, shutting down the server, then starting the server does 
prompt for a server ID password. 
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Updating a Server (continued) 



Recertifying a server ID 



Follow these steps to recertify a server ID. 



Step 


Action 


1 


From Domino Administrator, click the Configuration tab-> 
Server section-> All Server Documents view. 


2 


Select the server(s) with IDs about to expire, then choose 
Actions-^ Recertify Selected Servers. 


3 


To specify a registration server, click Server, select the server, and click OK. 


4 


Select Supply certifier ID and password. 


5 


Click Certifier ID, select the certifier ID originally used to register the server, 
and click Open. 


6 


Click OK to continue. 


7 


Enter the certifier ID's password, and click OK. 


8 


In the Renew Certificates In Selected Entries dialog box, complete the 
following: 

■ Enter a new date in the New certificate expiration date field. 

■ (Optional) In Only renew certificates that will expire before field, enter a 
date to recertify only a subset of the selected servers, according to their 
current expiration date. 

■ Select Inspect each entry before submitting request. 

Click OK. 


9 


Review the entry, then click OK to view the next entry until all entries are 
processed. 


10 


Click OK when notified of the number of entries processed. 

Result: A request to recertify the server is posted to the Administration 
Requests database for each server processed. 



What happens during recertification? 



The recertification process results in updating both of the following elements with 
new certificate information: 

■ The server ID file 

■ The Server document in the Domino Directory 
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Determining Administrators Access 

The Server document includes settings to designate various levels of 
administrative access for different categories of administrators in the organization. 
For example, only a few people might have Administrator access, while other 
members of a team are designated as Database Administrators. 



Administration levels 



There are seven administration levels found on the Security tab-> Administrators 

section. The three most commonly used administration levels are outlined in the 
following table. 



Server Document 
Field 


Description of Access 


Database 
Administrators 


Can perform the following tasks: 

■ Specify the administration server for a database. 

■ Create, compact, and delete databases. 

& m ■ • r ii ■ ■ i r t t i ■ i i ■ 

■ Maintain full-text indexes, folder, database and directory 
links, and certain database options. 

■ Issue any server console command. 

■ Issue any OS command using the Domino Server Controller. 


Administrators 


Same access as Database Administrators, plus: 

■ Track mail messages. 

■ Use the Domino Web Administrator. 

■ Create databases, replicas, and master templates. 

Note: When the HTTP server task starts, it adds any names 
in this field to the database ACL of the Domino Web 
Administrator database. 


Full Access 
administrators 


Same access as Administrators, plus: 

■ Manager access to all databases on the server. 

■ All programmability rights. 

■ All passthru rights. 

■ Access to the server even if not explicitly listed in the 
Access server field. 

Notes: 

■ This level is similar to root level access on UNIX. 

■ This level does not have access to encrypted data. 

■ By default, this field is blank. 



For more information on the other administration levels, refer to Appendix D: 
Additional Reference Material. 
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Determining Administrators Access... (continued) 



Access to create databases on the server 



The following table outlines the fields that control who can create Domino 
databases on the server found on the Security tab->Administrators section. 



Server Access Field 


Description 


Create databases & 
templates 


Those users and servers allowed to create databases and 
templates on this server. A blank field permits anyone to 
create databases and templates on this server. 


Create new replicas 


Those users and servers allowed to create replicas on this 
server. A blank field permits no one to create replicas on 
this server. 



Best practices for access control 



The following outlines considerations for setting access controls: 

■ Use groups to facilitate easier administration and maintenance. For example, 
use a server group in ACLs and server access fields. To permit access for a 
new server, simply add the new server to the Group document; thereby 
making it unnecessary to change database ACLs and server access fields. 

■ All servers storing replicas of a database should be included either in a group 
or individually in the ACL for proper replication. A server is typically granted 
Manager access to any database stored on that server. 

■ At least one person or group should be granted Manager access to every 
database stored on a server. 

■ The server and the administrator must have the ability to create databases, 
templates, and replicas when using the Administration Process to create the 
databases, templates, and replicas. 
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Set Administration Access Exercise 



Worldwide Corporation will adhere to the following guidelines: 

■ Use the Administration Process to create database replicas on each 
regional server. 

■ Doctor Notes has full access to administer all regional servers. 

■ Use of administrators groups is mandated: 

■ Administrator groups: EastAdmins, WestAdmins 

■ Server groups: EastServers, WestServers 

■ Regional administrators groups should be granted the following access: 

■ Administrators access to servers within their region. 

■ Database Administrators access to servers outside their region. 

■ Create databases and replicas on servers within their region. 




Determine access 



Use the above mentioned Classroom Scenario and Best practices for access 
control section to answer the following questions for your assigned server: 

1 . Complete the following table with the required server access field values. 
Use the group names specified in the above scenario. 



Server Access Field 


New Value 


Create databases & templates 




Create new replicas 




Full Access administrators 




Administrators 




Database Administrators 





2. What servers, users, or groups require Manager access to databases on each 
regional server? 




Classroom 
Scenario 
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Set Administration Access Exercise... (continued) 



Allow access to your assigned server 

Allow access to your assigned server by completing the following tasks: 

■ Modify the server access fields for your assigned server as listed in the table in 
Question 1 on the previous page. 

■ Restart your assigned server for the changes to take effect. 



Test access 



Test the changes just made to access controls by completing the following tasks: 

1 . Create a database on Hub. Use any template for the database. Include your 
initials in the database title and file name to distinguish it from other students' 
databases. 

2. Modify the database ACL to grant your assigned server the appropriate access. 

3. Create a replica of the database on your assigned server using one of the 
following methods: 

■ File-> Replication^ New Replica 

■ Files tab; Tools -> Database^ Create Replica(s) 

4. Once everyone has restarted their servers, access a server in the other region 
from Domino Administrator. 



5. For each tab in Domino Administrator, perform at least one task. The following 
table lists some examples. 



Tab 


Task 


Server 


Enter a console command 


Files 


Create a database or compact a database 



6. Select another server in your region and repeat the tasks. 
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Lesson 5 ■ Setting Up Server Monitoring 



Setting Up Server 
Monitoring 



One of the primary tasks of a Domino administrator is to monitor the health and 
status of servers in the Domino environment. Consistent, thorough monitoring 
helps administrators identify and address issues before they become a 
significant problem. 



Objectives 



After completing this lesson, you should be able to: 

s Identify mechanisms for collecting server information. 

✓ Start Statistic Collector task. 

^ Create event generators. 

s Create event handlers. 

s Enable agent logging. 
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Tasks, Statistics, and Events 

Server tasks perform complex administration procedures — for example, 
compacting databases and updating indexes. All Domino server tasks generate 
information about the processes performed on the server. 



Statistics and events 



The Domino server provides services and tasks that create and report information 
about the Domino server. This information comes in two forms: statistics and 
events. 



Component 


Description 


Statistic 


A numerical fact that shows what is happening on the server. 
The Domino server continuously updates statistics and stores them 
in memory. 

Example: Free space on drive C indicates the amount of free 
space available on drive C. 


Event 


Generated when something takes place on the server. 
Events happen continuously on the Domino system. 
An action or occurrence to which an application responds. 
Actions are any of the following: 

■ User-generated, for example, a mouse click 

■ System-generated, for example, elapsing of a set amount of time 

■ Application-generated, for example, autosave of a document 



Monitoring tasks 



There are two monitoring tasks running on a server. The tasks are: 

■ Statistic Collector: Collects statistics and puts the information into the 
Monitoring Results database (StatRep.nsf) on the domain Administration 
server.By default, the Statistic Collector task collects statistics only from the 
server that has the Statistic Collector task running. To collect statistics from a 
list of specified servers, use the Server Statistic Collection document. 

■ Event: Collects information about system activities and stores it in the 
Monitoring Results database (StatRep.nsf). 
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Server Monitoring Databases and 
Templates 

Statistics and events are stored in databases on the system. Server monitoring 
databases are created either automatically when a task is run or manually by 
the administrator. 



Database and template definitions 



The following table lists databases that keep a running log of events and statistic 
information on a Domino 6 server. 



Database/T emplate 


Populated by 


Contains 


Check 


Monitoring Configuration 
(Events4.nsf/Events4.ntf) 


Event task 


■ Messages 

■ Monitors 


Daily 


Monitoring Results 
(StatRep.nsf/StatRep.ntf) 


■ Statistic Collector 
task 

■ Event task 


■ Results of 
statistics 

■ Events 

■ Alarms 


Daily 


Domino Server Log 
(Log.nsf/Log.ntf) 


System activity 


Keeps track of all 
server activity 


Often to 
ensure 
system is 
running 
properly 


Domino Web Server Log 
(DomLog.nsf/DomLog.ntf) 


Web activity 


Web-specific events 


Daily 
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Starting the Statistic Collector Task 

The Statistic Collector task collects and monitors statistics from the server(s) 
configured in the Server Statistic Collection document. 

The Monitoring Results database (StatRep.nsf) is a repository for Domino system 
statistics created when the Statistic Collector (Collect) or Events (Event) task is 
loaded for the first time. 




Worldwide Corporation management wants statistics monitored now 
that the infrastructure is in place. To begin monitoring, the Statistic 
Collector task must be running. 



Classroom 
Scenario 



Verify that the Statistic Collector task is running 



Follow these steps to verify if the Statistic Collector task is running. 



Step 


Action 


1 


Click the Server tab->Status tab-> Server Tasks view. 


2 


Verify the Statistic Collector task is running. 




Start the Statistic Collector task 



If the Statistic Collector task is not running, follow these steps to start the Statistic 
Collector task. 



Step 


Action 


1 


Choose Tools->Task->Start. 


2 


In the Start New Task box, select Statistic Collector. 


3 


Click Start Task. 


4 


Click Done. 


5 


Click the Files tab. Verify that the Monitoring Results database 
(StatRep.nsf) exists. 
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Event Generators 



Event generators gather information by monitoring a task or a statistic or by 
probing a server for access or connectivity. Each event generator has a specified 
threshold or condition, which, when met, causes an event to be created. 
The event is passed to the Event Monitor task, which checks whether an 
associated event handler has been defined. If an event handler has not been 
defined, the Event Monitor task does nothing. If an event handler has been 
defined, the Event Monitor carries out the instructions in the event handler. 



Event Generators 



The Domino Administrator includes a set of default event generators, which are 
listed in the Event Generators view of the Monitoring Configuration database 
(Events4.nsf). The following table describes the default Event Generators. 



Event Generator 


Function 


Database 


Monitors: 

■ Database activity and free space 

■ Frequency and success of database replication 

■ Database ACL changes, including those changes made by 
replication or an API program 


Domino Server 
Response 


Checks connectivity and port status of designated servers in 
the network 


Mail Routing 


Tests and gathers statistics on mail routes by sending a mail- 
trace message to the mail server of the individual specified 


Task Status 


Monitors the events generated by the Domino server and its 
add-in tasks 


Statistic 


Monitors a specific Domino or platform statistic 


TCP Server 


■ Verifies the availability of the Internet ports (TCP services) 
on servers 

■ Checks whether the server is responding on a given port 

■ Generates a statistic that indicates the amount of time it took 
to verify that the server is responding on the specified port 
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Event Generators... (continued) 



Event severity levels 



The following table lists the event security levels. 



Severity Level 


Description 


Fatal 


Imminent system crash 


Failure 


Severe failure that does not cause a system 
crash 


Warning (high) 


Loss of function requiring intervention 


Warning (low) 


Performance degradation 


Normal 


Status messages 
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Creating an Event Generator 




Worldwide Corporation has grown rapidly in the past year. Disk space 
has been running low due to the increase in personnel. There are new 
disks on order, but until they arrive, the administrators want to track disk 



Classroom usage to avoid problems. 

Scenario The administrators need to create a statistic event generator to notify an 
alarm when the server disk space goes below a certain percentage. 

Monitor disk space 



Follow these steps to create a new statistic event generator. 



Step 


Action 


1 


Click the Configuration tab-> Monitoring Configuration section-^ Event 
Generator section -> Statistic view. 


2 


Click New Statistic Event Generator. 


3 


On the Basics tab, enter the following information: 
Server(s) to monitor 

■ Select Only the following 

■ Enter <your server name> 

For example: East01/SVR/WWCorp 

Statistic to monitor 

■ Statistic to monitor: <Domino system disk> 
For example: Disk.C.Free 

■ Select Monitor as percent of the whole. 


4 


Click the Threshold tab. 


5 


In the Generate the event when the statistic falls below this percentage 
of the total field, enter 9 5%. 


6 


Click Save & Close. 




108 



Administering IBM Lotus Domino 6: Managing Servers and Users 



Lesson 5 ■ Setting Up Server Monitoring 

Event Handlers 



A monitor sets a threshold on a statistic. To be notified when the threshold is 
reached, create an event handler. An event handler defines when and how 
messages are sent when the threshold is reached. 

For example, if you create an ACL monitor, you are notified when an ACL 
is changed. 

Note: Event handlers can also be created for events when certain levels of 
severity are met. 



Event handler notification options 



The following table lists event handler notification options. 



Notification 


Description 


Broadcast 


Reports the event to all users logged on to the server or to a 
specified group of users. 


Log to database 


Logs the event to a database, typically StatRep.nsf, on a local 
server. Select this method only if the specified server is reporting 
events to its own collection database. 


Mail 


Mails the event to a person or to a mail-in database 
(typically StatRep.nsf) on a server in a different domain or one 
that uses an incompatible mail protocol. 


NTLog 


Reports the event to the Windows NT Event Viewer. 


Pager 


Uses the mail address of an alphanumeric pager to report a 
modified version of an event to a pager. 


Prog 


Runs an add-in program or specified command to correct 
problems automatically. 


Relay 


Relays the event to another server that is in the same Domino 
domain and that runs a common protocol. These events are 
collected in a database, typically StatRep.nsf. 


Sound 


Sounds an alarm on the designated server when the 
event occurs. 


SNMP Trap 


Sends the event as an SNMP trap. Select this method only if 
the specified server is running the Event Interceptor task and 
the Domino SNMP Agent. 


UNIXLog 


Reports the event to the UNIX system log. 
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Creating an Event Handler 



Administrators at Worldwide Corporation set a monitor to check disk 
space. They want Domino to notify them when disk space falls below 
the specified level so that they can act on it before it becomes a problem 
for users. 

The administrators want to use the event wizard to create an 
event handler to send them mail when the disk space reaches the 
specified level. 



Notify by mail 



Follow these steps to create an event handler to notify by mail when free disk 
space is below a critical point. 



Step 


Action 


1 


Click the Configuration tab-> Monitoring Configuration section-> 
Event Handlers^ All view. 


2 


From the menu bar, choose Actions menu-> Setup Wizards-> 
Event Notification. 

Result: The Generate Event Handler wizard dialog box displays. 


3 


Click Next. 


4 


Select the following options and then click Next: 

■ What should trigger the handler? Any event that matches my criteria 

■ What servers can trigger the notification? Only these servers: 
<your server name> 

■ Event Criteria Match - Event Type: Events must be one of these types: 

Statistic 

■ Event Criteria Match - Event Severity: Events must be one of these 
severities: Warning (high) 

■ Event Criteria Match - Event Message: Event messages must have this 
text in them: Free space 


5 


Review event handler criteria and then click Next. 


6 


Select the following options and then click Next (after each one): 

■ By what method do you want the notification generated? Mail 

■ What email address(es) do you want this sent to? Your email 
address 


7 


Click Finish. 




Classroom 
Scenario 
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Agents 

An agent is a program that performs a series of automated tasks according to: 

■ A set schedule 

■ A direct request by a user 

■ An occurrence of an event 

Agents can be shared or private: 

■ Shared agents are agents created by one user and can be run by other users 
or scheduled to run on the server. 

■ Private agents are agents that users create for themselves. Users cannot run 
another user's private agent. Private agents are stored on the machine where 
the agent is created. 



When the agent runs 



The following table describes design options for when the agent runs. 



Agents Can Run... 


Example 


Manually 


By the user via the Actions menu in the Notes client 


When triggered by an event 


If documents have been created or modified 


According to a schedule 


Every day at 1 :00 AM 
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Age n t S . . . (continued) 



Agent events 



The following table describes the events that can trigger an agent and examples 
of when to use them. 



Event 


Use it to... 


Before new mail arrives 


Delete unwanted mail before mail is deposited 
in the mail database. 


After new mail arrives 


Forward mail to another address while a user is 
on vacation. 


After documents are created or 
modified 


Update new or existing documents to change an 
area code for phone numbers. 


When documents are pasted 


Add the current date to the document when 
copied documents are pasted into the database. 




Enabling agent logging 



Follow these steps to enable agent logging. 



Step 


Action 


1 


Click the Configuration tab->Server section->Configurations view. 


2 


Open an existing document or click Add Configuration. 


3 


Click the NOTES.INI Settings tab. 


4 


Click Set/Modify Parameters. 


5 


Complete the following fields: 

■ Item: Select Log_AgentManager, and click OK. 

■ Value: Enter 1 , and click Add. 


6 


Click OK. 


7 


Click Save & Close. 
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Agents, mm(continued) 



L \Z\ Check agent status 

S — * 

Follow these steps to check the current status of the agent. Complete the 
information in the Result section. 



Step 


Action 


1 


Click the Server tab-> Statistics tab. 


2 


Click Agents Daily. 




Result: 




■ Any access denials? 




■ Any unsuccessful runs? 


3 


Select Agents Hourly. 




Result: 




■ Any access denials? 




■ Any unsuccessful runs? 



What is the Agent Manager? 



The Agent Manager task controls when an agent runs on a server. Every time an 
agent runs, it uses server resources. Settings in the Server document and in the 
Notes.ini file control when scheduled and event-triggered agents run. 
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Age n t S . . . (continued) 

Notes.ini setting: Log AgentManager 

Log_AgentManager specifies whether or not agent execution information is 
recorded in the log file and displayed on the server console. The syntax is: 

Log_AgentManager = value 

Valid values are: 

■ 0 - Do not log agent execution events 

■ 1 - Log partial and successfully completed agent execution events 

■ 2 - Log only successfully completed agent execution events 

Agent Manager best practices 

The following are recommendations when using the Agent Manager. 
Security 

■ Restrict who can run an agent. 

■ Personal agents can only be run by their creator. The ability for an individual to 
run personal agents on the server can also be restricted by the Security tab of 
the Server document. 

■ Sign agents with a generic ID rather than an individual's ID. 

■ Add the generic ID name to a new group in the Domino Directory. Then add this 
group to all the database ACLs that use the agent signed by this generic ID. 

■ Grant ability to run unrestricted methods and operations to highly trusted 
developers only. 

Mail agents 

■ Use the separate mail agent execution time-out in the Configuration Settings 
document; the Router SMTP tab-> Restrictions and Controls tab-> 
Delivery Controls tab. 

■ Overuse of Mail Pre-Delivery agents can cause performance problems. 

■ Mail Pre-Delivery agents cannot call other agents. 

General 

■ When setting agent time limits, do not use 0 unless you do not want to limit 
agent run times. 

■ Stagger scheduling of agents to improve performance and throughput. 
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Determine Server Status Exercise 



The log file lists all events that have occurred since each server started. 
Each Event document shows: 

■ The server that originated the event 

■ The time the event occurred 

■ The event severity level 

■ The type of event 

■ The error code 

■ A brief description of the event 

The Monitoring Results database collects system statistics. 




Identify status 



Worldwide Corporation wants to check server status to make sure things are 
running smoothly. Specifically, they want to know: 

1 . Are there any databases not replicating? If so, where would you find 
information on what databases did not replicate? 



How many successful replications have there been? 



2. Is there any mail waiting to be routed on Hub? 
If so, what might be the reason? 
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r^^ll Monitoring Server 
it££ Performance 




There are multiple tools available to monitor server resources and statistics. This 
lesson introduces the following tools: 

■ Server Monitor 

■ Domino Web Administrator 

■ Domino Console 



Objectives 



After completing this lesson, you should be able to: 

s View statistics using the Server Monitor. 

^ Use the Domino Web Administrator to monitor servers. 

s Issue commands in the Domino Console. 
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Viewing Statistics 

Statistic collection starts when an administrator does the following: 

■ Start Domino server monitoring 

■ Chart real-time statistics 

■ Access the Server - Statistic tab 

The Statistic Collector task continually gathers events and statistics from the 
servers monitored via these actions and stores them in the Monitoring Results 
database. 



View statistic information in the Monitoring Results 
database 



Follow these steps to view information in Monitoring Results (StatRep.nsf). 
Complete the information in the Result section. 



Step 


Action 


1 


Click the Server tab-> Analysis tab -> Monitoring Results section-^ 
Events section->AII view. 


2 


Open the most recent report. 


3 


Select Statistics Report section -> Systems view. 
Result: 

■ What is the severity? 

■ What is the Event text? 

■ List anything in red with a value above zero. 
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Viewing Statistics... (continued) 




View real-time statistics 



There are several ways to view statistics, such as real-time or graphic views. 

Follow these steps to view real-time statistics. Answer the question in the 
Result section. 



Step 


Action 


1 


Click the Server tab-> Statistics tab. 

Note: Loading the statistics may take a few seconds. 


2 


Select Disk->C (Domino system disk). 

Result: How much free space is available (in MB)? 
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Using the Server Monitor 

The Server Monitor provides a visual representation of the status and availability 
of selected Domino servers, tasks, real-time system statistics, and status 
indicators. The Administration Preferences control the default behavior of the 
Server Monitor. 



Views 



The following table lists the Server Monitor views. 



View 


Displays... 


By State 


A detailed status of Domino servers and the associated tasks and 
statistics. 


By Timeline 


Historic information about server status that allows quick 
determination of which tasks are having problems and when the 
problems occurred. Information can be displayed in time intervals 
of 1 to 60 minutes. 



Default tasks and statistics 



The following table lists the tasks and statistics displayed by the Server Monitor. 



Tasks 


Statistics 


Admin Process 


Server.Users 


Agent Manager 


Mail. Dead 


Database Server 


Mail.Hold 


Event Monitor 


Mail.Waiting 


Indexer 


Server.Availabilitylndex 


Replicator 


Server.ElapsedTime 


Router 




Stats 
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Using the Server Monitor... (continued) 



Monitor servers 



In the graphic below, the administrator is monitoring five servers. The following 
table lists the status of each server. 



Server 


Flag 


East01/SRV/WWCorp 


Running. 


Hub/WWCorp 


■ Failure (!): The Administration Process is not running. 

■ Warning (?): The Agent Manager has a warning flag. 


NorthOI/WWCorp 


Running. 


SouthOI/WWCorp 


Running. 


West01/SRV/WWCorp 


Running. 
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Using the Server Monitor.. .(continued) 



View statistics 



Follow these steps to view statistics. Complete the information in the 
Result section. 



Qton 

oiep 


Acuon 


1 


From the menu, choose File->Preferences-> Administration Preferences. 


2 


Click Monitoring. 


3 


Select From this computer. 


4 


Select Automatically monitor servers at startup. Click OK. 


5 


Click the Server tab-> Monitoring tab. 


6 


Choose the By State view. 


7 


Click Start. 

Result: Wait for at least 2 minutes. Are there any tasks that are not running 
normally? Describe. 




Monitor free disk space 



To monitor free disk space from the Server Monitor, add a statistic. 

Follow these steps to monitor free disk space. Complete the information in the 
Result section. 



Step 


Action 


1 


From the menu, choose Monitor ing-> Monitor New Statistic. 


2 


Select Disk^(C)^Free. Click OK. 


3 


After the display updates, record the value for free disk space. 

Result: Is this the same value you obtained from the Statistics tab in the 
View real-time statistics guided practice earlier in this lesson? 
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Using the Domino Web Administrator 

The Domino 6 Web Administrator provides administrators with the majority of 
features available through the Domino Administrator — such as viewing and 
monitoring information about servers and users, statistics collection, changing 
database ACLs, event handler, and using the remote server console. 



Benefits of using the Web Administrator 



The Web Administrator supports role-based permissions so senior Domino 
administrators can delegate administrative tasks to other administrators who may 
not have access to the Domino Administrator client. 

The Web Administrator uses the Web Administrator database (WebAdmin.nsf). 
The first time the HTTP task starts on a Web server, Domino automatically creates 
this database in the Domino data directory. Domino assigns a unique replica ID to 
the database; therefore, the Web Administrator database does not replicate 
between servers. 




Monitor with the Domino Web Administrator 



Follow these steps to monitor a server with the Domino Web Administrator. 



Step 


Action 


1 


Open Internet Explorer (version 5.5 or above). 


2 


Enter the URL address for the Web Administrator. For example: 

http : / / dominoserver . domainname . com/ webadmin . ns f . 

where dominoserver . domainname is the server and domain name for 

your Domino server, for example, hub . wwcorp . com. 


3 


Enter your Domino server administrator name and Internet password, 
and click OK. 

■ What information is given about your server? 


4 


Select Server-> Status-> HTTP Statistics. 

■ What type of information is here? 


5 


After exploring for a few minutes, Logout. 



122 



Administering IBM Lotus Domino 6: Managing Servers and Users 



Lesson 6 ■ Monitoring Server Performance 

Using the Domino Console 

The Domino Console provides a server console on any platform that supports 
Java, allowing an administrator to enter commands in the traditional text-based 
manner or from menus. 



Advantages of the Domino Console 



The Domino Console offers the following advantages to an administrator: 

■ Platform-independent control of server using Java-based Ul 

■ Remote startup and shutdown of the Domino server 

■ Menu options for console commands 

■ Commands for groups of servers and operating system shell 

■ Connection to various servers in various organizations: 

■ Switch servers with one click 

■ Authenticate with Internet password only 

■ Logging of console messages to a text file 

Domino Console components 



The two main components of the Domino Console are described in the 
following table. 



Component 


Function 


Runs on 


Controller 


Listens for commands 


Domino server 


Console 


The user interface 


Any machine connected to 
the server 
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Using the Domino Console... (continued) 



Console and Controller commands 



The following table lists the commands that allow administrators to control how 
many processes are running on the same machine at the same time. 



Command 


Starts the Following Components... 


nserver -jc 


Console, Domino, and Controller 


nserver -jc -c 


Domino and Controller 


nserver -jc -s 


Console and Controller 


nserver -jc -c -s 


Controller only 




Start the Controller 



Follow these steps to start the Controller on the Domino server system. 



Step 


Action 


1 


Ensure that the Domino server is not running on your machine. 


2 


From the Windows desktop, choose Start->Run. 


3 


Enter <path>\nserver -jc -c -s, and click OK. 

Where <path> is replaced by the path to the Domino program directory. 

Result: The Domino controller displays. 



Start the Domino Console 



Follow these steps to start the Domino Console. 



Step 


Action 


1 


From the Windows desktop, choose Starts Run. 


2 


Enter <path>\ j console, and click OK. 
Where <path> is replaced by the path to either: 

■ The Domino program directory 

■ The Notes program directory 
Result: The Domino Console displays. 
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Using the Domino Console... (continued) 
Connect to the server through the Controller 

Follow these steps to connect to the server. 



Step 


Action 


1 


From the Domino Console, choose File->Open Server. 


2 


For User Name and Password, enter your administrator name and Internet 
password. 


3 


Enter (or select) the server. 


4 


Click OK. 


5 


After connecting to the controller, choose File-> Refresh Server List. 


6 


Open the server bookmark, and view All Servers. 
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Issuing Commands in Domino Console 

Administrators can use the Domino Console, a Java-based console, to send 
commands to the Domino Controller.The Domino Console does not require a 
Notes ID, only a Domino Internet name and password, so administrators can 
connect to servers in different organization hierarchies without having multiple 
Notes IDs or cross-certificates. 




Issue commands 



Follow these steps to add and issue a custom command. 



Step 


Action 


1 


In the Domino Console, choose File->Show->Users. 
Result: The list of users displays. 


2 


Choose Edit->Custom Commands. 


3 


Enter the following command: load updall -v 


4 


Click Add, and then click Save. 


5 


Click the triangle next to Commands. 
















Send ' 


Commands... Hj 






















6 


Select the shell dir command. 


7 


Click Send. 

Result: The custom command displays a file listing. 



126 



Administering IBM Lotus Domino 6: Managing Servers and Users 



Lesson 6 ■ Monitoring Server Performance 

Issuing Commands in Domino Console... (continued) 




Send a command to multiple servers 



Follow these steps to send a command to two servers. 



Step 



Action 



In the Domino Command field, enter show user s, but do not click Send. 



Click the triangle next to Send, and select To Select Servers. 



Domino Command: 








show users| 


Send 


i; 



Edit Send Menu... 
Secure Password 



Select your server, and click Add. 



Select a different server, and click Add. 



Click Send. 



Note: The Domino Console also allows saving a group of servers and sending a 
command to the group as needed. 
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Issuing Commands in Domino Console... (continued) 



Automate periodic commands 



Follow these steps to schedule commands to run periodically. 



Step 


Action 


1 


Choose Edit-> Periodic commands. 


2 


Click Add Command. 


3 


Click under Server, and select your server. 


4 


Press the right arrow key 


5 


Enter the following command: 

show stat mail 


6 


Press the right arrow key twice. 


7 


Select Enable. 


8 


Click Save Command. 




Exit the Domino Console 



Follow these steps to exit the Domino Console and start the traditional server 
console. 



Step 


Action 


1 


Choose File->Exit. 


2 


Select the checkbox labeled Also stop Server Controller and Server. 

Note: This checkbox is only enabled if the Domino Console is running on the 
server machine. If this is a remote session, it will be disabled. 


3 


Click Yes. 


4 


Restart the Domino server. 
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Resolving Server Problems 



When a Domino server is not functioning as expected, administrators have 
several resources at their disposal to troubleshoot problems. This lesson 
includes references to those resources as well as possible solutions to common 
server problems. 



Objectives 



After completing this lesson, you should be able to: 

✓ Use troubleshooting tools in Domino Administrator server console. 

✓ Solve server access issues. 

^ Solve Administration Process issues. 

✓ Solve agent issues. 

✓ Troubleshoot replication problems. 

✓ Recover from a server crash. 



130 



Administering IBM Lotus Domino 6: Managing Servers and Users 



Lesson 7 ■ Resolving Server Problems 



Troubleshooting Using the Domino 
Administrator Server Console 

The Server Console view in Domino Administrator includes the following tools to 
help troubleshoot problems: 

■ A stop trigger to pause the server console when a specified error occurs 

■ Lookup error messages including possible causes and resolutions 

■ An event handler to be notified when errors occur 




Set a stop trigger 



Administrators can configure the server console to stop (pause) the console 
display when a particular event occurs — typically an error message. Follow these 
steps to set a stop trigger. 



Step 


Action 


1 


Click the Server tab^Status tab->Server Console view. 


2 


Click Live. 


3 


Enter the following command to generate a replication error message: 

rep earthtest/wwcorp names. nsf 

Click Send. 


4 


Once the replication error occurs, click Pause. 


5 


Select the error resulting from the server being unable to find Earthtest/ 
WWCorp, right-click, and choose Set Watch. 


6 


Click OK on the message box stating The server console will pause on the next 
occurrence, plus ten lines, of this error. 


7 


Click Resume. 


8 


Repeat the replication command in Step 3. 

Hint: Select the original command from the Domino Command list box. 


9 


Enter the show Tasks command, and then click Send. 

Result: The server console display pauses on the replication error. 


10 


Click Resume to restart server console display. 
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Troubleshooting Using the Domino Administrator Server 

Console... (continued) 

Look up error messages at the server console 



Administrators can look up standard error messages that display on the server 
console without using Lotus Domino Administrator 6 Help. Follow these steps to 
look up an error message at the server console. 



Step 


Action 


1 


From the Live Server Console view, click Pause. 


2 


Select the replication error generated in the Set a stop trigger guided practice. 


3 


Right-click, and choose Lookup Error. 

Result: A Server and Addin Task Event document opens. 


4 


Read the information on each tab (Basics and Advanced), then click Cancel 
to close the document. 


5 


Click Resume to restart server console display. 



Cancel a stop trigger 



After fixing the problem, follow these steps to cancel the stop trigger. 



Step 


Action 


1 


From the Live Server Console view, click Pause. 


2 


Select the replication error message generated during the Set a stop trigger 
guided practice. 


3 


Right-click, and choose Reset Watch. 


4 


Click OK on the message box stating The server console will no longer pause 
on the next occurrence of this error. 


5 


Click Resume. 



Note: Administrators can configure notification when a particular event occurs. 
With the server console paused, select the event, right-click, and choose Create 
Local Event Handler. Complete the form as seen previously in Lesson 5: Setting 
Up Server Monitoring. 
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Solving Server Access Problems 

Administrators need to solve server access problems when a user (or server) is 
not able to authenticate with a destination server, or not authorized to access a 
destination server. These problems can occur when: 

■ A user is attempting to access a server from a Notes client or Web browser. 

■ A server is attempting to access a server to: 

■ Route mail or replicate databases. 

■ Perform a task such as creating a replica database on another server. 



Common server access problems 



The following table lists the most common server access errors. 



Error Message 


Possible Cause 


Possible Resolution 


Server Error: 
The server's Domino 
Directory does not 
contain any cross 
certificates capable of 
authenticating you 


The user (or server) does 
not hold a certificate in 
common with the 
destination server. 


■ Verify the certificates held by 
the user (or server) trying to 
access the destination server. 

■ Set up bi-directional cross- 
certification between the user 
(or server) and the destination 
server. 


Server Error: You are 
not authorized to use 
the server 


The access lists in the 
Server document are 
preventing the user 
(or server) from being 
granted access to the 
destination server. 


■ Make the appropriate 
modifications to the Server 
document, Security Tab: 

■ Remove the user (or server) 
from the Not access server 
field. 

■ Add the user (or server) to 
the Access server field. 

■ Verify other fields in the 
Administrators, Security 
Settings, and Server Access 

sections on the Security tab. 
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Solving Server Access Problems... (continued) 
Additional resources 

Use any of the following additional resources: 

■ View the Domino Server Log (Log.nsf) for error messages and problems. 

■ Refer to the following topics in Lotus Domino Administrator 6 Help: 

■ Checking the Domino Directory for errors that affect server access 

■ Checking the server ID for a problem that affects server access 

■ Lookup any error messages on the Lotus Support Services Web site at 
http://www-3.ibm.com/software/lotus/support/ . 

Customers from Universe Corporation receive the following error 
message when they attempt to open the Product Ideas database on the 
Hub/SVR/WWCorp server: 

Classroom « server Error: The server's Domino Directory does not 
Scenario contain any cross certificates capable of authenticating 
you" 




134 



Administering IBM Lotus Domino 6: Managing Servers and Users 



Lesson 7 ■ Resolving Server Problems 

Solving Administration Process 
Problems 

The Administration Process performs complicated tasks that may require several 
tasks to be performed in exactly the right order, some of which require 
administrator intervention. 

Common Administration Process problems 



The following table lists the most common problems when troubleshooting the 
Administration Process. 



Problem 


Possible Cause/resolution 


User, administrator, or server is 
not authorized to perform the 


Verify that the user, administrator, or server has 
the proper privileges to perform the operation 

mannalK/ inoliiHinn at loact A nthnr \A/ith Proato 
1 1 Idl lUdlly IMUIUUIliy ell Icdol nUlllUI Willi OltJalt? 

documents access to the Administration Requests 
database. 

A server needs the same access that an 
administrator needs. 


A request has not been 
carried out. 


Check the following views for any requests that 
require administrator intervention: 

■ Pending Administrator Approval 

■ Name Move Requests 

■ CA Modification Requests or CA Recovery 
Updates 


Requests are carried out on the 
Administration Server for the 
Domino Directory, but not on 
other servers in the domain. 


Replicate the Domino Directory and Administration 
Requests database with all servers in the domain 
on a regularly scheduled basis. 


Requests are taking hours and 
sometimes days to be carried out. 


Configure the Administration Process intervals in 
the Server document->Server Tasks tab-> 
Administration Process tab. 
Look up the request title in Lotus Domino 
Administrator 6 Help to see when the request 
should be carried out. Some requests are carried 
out daily or weekly. 


Changes to user and group 
names are not propagating to 
some databases. 


Verify that the database ACL has an 
Administration Server and correct action specified 
(Modify all Readers and Authors fields or 
Modify all Names fields). 



(continued on next page.. .) 
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Solving Administration Process Problems... (continued) 
Common Administration Process problems... 



Problem 


Possible Cause/resolution 


Pom loctc oka nrnpoocinn in 
iit?L|Ut?olo alt? pruutJooiiiy III 

the initiating domain, but not 
in other domains. 


\/^rif\# that Prnoc.H^inQin f^f\r\i ini iroti/^n H/^voi imontc 
Vtzilly lllal UlUbo -UUilldlll UUI IliyUlallUI 1 UUUUI I ItJI llo 

are correct. 

If cross-certification is necessary to access the other 
domain's servers, verify that the Cross-certificate 
documents exist for both organizations. 


User name change requests 
are not processing. 


■ Verify that the Certification Log database 
(CertLog.nsf ) exists and that the requestor has at 
least Author with Create documents access. 

■ The request is not intended to be carried out 
immediately. Some requests are carried out based 
on an interval, daily or weekly. 

■ A request requires administrator intervention. 

■ The request was approved using the wrong certifier. 


Additional resources 



Use any of the following additional resources: 

■ Check the following views in the Administration Requests database for 
possible reasons the request failed: 

■ All Errors by Date 

■ All Errors by Server 

■ Refer to the following topics in Lotus Domino Administrator 6 Help: 

■ Administration Process - Problems and error messages 

■ How to troubleshoot the Administration Process 

■ Administration request messages 

■ Lookup any error messages on the Lotus Support Services Web Site at 
http://www-3.ibm.com/software/lotus/support/ . 

Reviewing the classroom scenario 



Administrators are unable to use the Administration Process to create a 
replica on the Hub server. They do not receive any error message when 
they initiate the request, however, the replica is not created. 




Classroom 
Scenario 
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Solving Connection Problems 

There are numerous causes for two servers being unable to connect, many of 
which are network-specific. These problems can occur when a server is 
attempting to access another server for the purposes of mail routing or replication. 
More detailed troubleshooting steps for various network protocols can be found in 
Lotus Domino Administrator 6 Help. 

Common connection error messages 



The following list contains common error messages that are reported at the server 
console when two servers fail to connect: 

■ Unable to find path to server 

■ The server is not responding 

■ The remote server is not a known TCP/IP host 

■ Connection denied: The server you connected to has a different name from 
the one requested 

Troubleshooting tips for resolving connection problems 

After verifying that both servers are running, perform the following tasks: 

■ Verify that both servers' IP addresses are correct in DNS or hosts files. 

■ Clear the server's cache by restarting the server. 

■ Use the trace servername OX trace portnamel ! ! servername Console 

command to trace the network path to the other server. 

■ If recent changes to a server include host name, IP address, or port names, 
it may be necessary to clear some system fields in the Server document. 
Refer to the following technotes on the Lotus Support Services Web site: 

■ How to Disable Server Cache of the Last Known Address 

m Where are Server Addresses Cached in Notes and Domino? 

■ Verify that the following fields are correct in both Server documents. 



Tab 


Field Name 


Basics 


■ Server name 

■ Fully qualified Internet host name 


Ports 


■ Port is Enabled 

■ Net Address 



(continued on next page. . .) 
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Solving Connection Problems... (continued) 



Troubleshooting tips for resolving connection problems... 



■ Verify that the following fields are correct in the Connection document used by 
the two servers attempting to connect.: 



Tab 


Field Name 


Basics 


■ Source and Destination server 

■ Source and Destination domain 

■ Use the port(s) 

■ Connection type 

■ Optional network address 



Additional resources 



Use any of the following additional resources: 

■ View the Domino Server Log (Log.nsf) for error messages and problems. 

■ Refer to the following documents in Lotus Domino Administrator 6 Help: 

■ Modems and remote connections - Troubleshooting 

■ Network connections over NRPC - Troubleshooting 

■ Network dialup connections Troubleshooting 

■ From the Lotus Developer Domain Sandbox Web site at 
http://www-10.lotus.com/ldd/sandbox.nsf: 

■ Download the Notes Connect diagnostic tool, NPing.exe, or the Java- 
based diagnostic tool, JPing.exe. 

■ Refer to the LDD Today article titled Testing TCP/IP connection with 
NotesCONNECT 

■ Look up any error messages on the Lotus Support Services Web site at 
http://www-3.ibm.com/software/lotus/support/ . 

Reviewing the classroom scenario 



The Hub server is unable to connect to the EastOI server to replicate 
during off hours. The server console on Hub displays an "Unable to 
find path to server " error message. The administrators have 
already tested the following: 

■ Restarted both servers. 

■ Users can access both servers. 

■ Trace east 01 from Hub's console successfully connects to EastOI . 

■ The IP addresses for both servers are correct in DNS. 




Classroom 
Scenario 
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Solving Agent Manager Problems 

The Agent Manager controls the execution of private and shared agents on the 
server. Since running agents uses server resources, administrators can place 
tight controls on who can run agents on the server. 



Common Agent Manager problems 



The following table contains the most common Agent Manager problems. 



Problem 


Server Document Fields to Edit 


User has insufficient access to run LotusScript, 
JavaScript, or Java agents. 


Security tab->Programmability 
Restrictions section 


User or server who signed the agent does not 
have access to run the agent on the server. 


User cannot run agents written using Simple 
actions or the formula language on the server. 


Time limit is preventing agents from finishing. 


Server Tasks tab-> Agent Manager 
tab-> Daytime Parameters and 
Nighttime Parameters sections 



Administering IBM Lotus Domino 6: Managing Servers and Users 



139 



Lesson 7 ■ Resolving Server Problems 

Solving Agent Manager Problems... (continued) 



Additional resources 

Use any of the following additional resources: 

■ Set the Notes.ini file setting ( Log_ Agent Manager=1), then view the Domino 
Server Log (Log.nsf) for error messages and problems. 

■ View the Agent log for a particular agent. 

■ Refer to the following topics in Lotus Domino Administrator 6 Help: 

■ Tools for troubleshooting Agent Manager and agents 

■ Agent manager and agents - Problems and error messages 

■ Refer to the Lotus Domino Designer 6 Help topic Security for agents on 
servers and the Web. 

■ Lookup any error messages on the Lotus Support Services Web site at 
http://www-3.ibm.com/software/lotus/support/ . 

Reviewing the classroom scenario 




Users whose mail server is Hub/SVR/WWCorp cannot run the 
Out-of-Office agent. 



Classroom 
Scenario 
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Solving Replication Problems 

The Replicator synchronizes databases on two Domino servers. However, there 
are many factors that affect when, how, and if replication occurs. This section 
discusses some of those factors to investigate replication problems. 



Common replication problems 



The following table contains common replication problems. 



Note: This is not an all-inclusive list. Replication problems can be complicated 
and caused by multiple factors. 



Problem 


Possible Cause 


Replication did not occur at all. 


■ Server or replica task is not running on one or 
both servers. 

■ Servers have an authentication or authorization 
problem. 

■ Servers have a connectivity problem. 

■ Replication Settings prevent replication. 

■ ACL of one replica does not permit replication 
to occur. 


Replication occurred, but 
documents are missing. 


■ ACL settings are incorrect. 

■ Form read access lists or Readers fields are 
being used. 

■ Replication Settings prevent some documents 
from replicating. 

■ Replication History is incorrect or incomplete. 


Replication occurred, but there 
are replication conflicts. 


■ ACL settings are incorrect. 

■ Author access with Authors fields are not 
being used. 


Replication occurred, and deleted 
documents have returned. 


Purge interval is set more frequently than the 
replication schedule. 


Replication is not happening in a 
timely manner. 


Replication schedule or replication topology is 
incorrect. 
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Solving Replication Problems... (continued) 



Additional resources 



Use any of the following additional resources: 

■ Set the Notes.ini file setting (Log_Replication=1 , 2, 3 or 4), then view the 
Domino Log file (Log.nsf) for error messages and problems. 

■ Refer to the following topics in Lotus Domino Administrator 6 Help: 

■ Tools for troubleshooting replication 

■ Replication Problems and error messages 

■ Look up any error messages or keywords on the Lotus Support Services Web 
site at http://wwW'3jbm,CQm/software/lotus/support/ , For example, enter 
search criteria that you suspect is the problem: replication readers field 



142 



Administering IBM Lotus Domino 6: Managing Servers and Users 



Lesson 7 ■ Resolving Server Problems 

Server Access to Read Documents 



A server can only replicate those documents that it has access to read. 
The following mechanisms affect a server's access to read a document: 

■ Readers field 

■ Form Read Access List 



The Readers field 



When a document contains a Readers field, all applicable servers must be 
included in the field for the server to be able to replicate the document. A blank 
Readers field indicates all users and servers can read the document. 

There can be more than one Readers field in a document. In this case, all Readers 
fields cumulatively determine who has access to read the document. 

Note: Using the Administration Process to delete a user could result in 
Readers fields being left blank in documents where the deleted user was the only 
reader specified. 



The form Read Access List 



A database designer can select roles, user, server, and group names on the 
form's Read Access List. When a user creates and saves a document based on 
the form, Notes creates a $Readers field and stores the names of those roles, 
user, server, and group names that the database designer selected on the form's 
Read Access List. 
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Selecting Documents to Replicate 

Replication settings are used to limit the size of a replica or to display a subset of 
information relevant to a particular group of users. When using selective replication, 
verify the settings do not exclude necessary documents or fields. A person requires 
Manager access to the database to change replication settings. 

Worldwide Corporation's Phone Support group reports that certain 
documents in the Customer Service database are not replicating. 

Classroom 
Scenario 




View replication settings 



Follow these steps to verify the replication settings, and answer the questions. 



Step 


Action 


1 


Open the Customer Service database on Hub/SVR/WWCorp. 


2 


Choose File->Replication-> Settings, and view the Basics tab. 


3 


Click Space Savers. 

■ Are a subset of documents replicated? 


4 


Click Send. 

■ Are deletions in the replica sent to other replicas? 


5 


Click Other. 

■ Is replication disabled? 

■ After what modification date are documents replicated? 


6 


Click Advanced. 

■ What items are replicating when Hub/SVR/WWCorp replicates with 
West01/SVR/WWCorp? 


7 


Click OK to close the Replication Settings for Customer Service dialog box. 
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Using Replication History 



The first time a server replica successfully replicates, Domino creates an entry in 
the replication history. The history contains the name of the other server, and the 
date and time of the last successful replication. 

If a database does not replicate successfully, Domino does not update the 
replication history; therefore, a review of the replication history provides a quick 
way to determine the time of the last successful database replication. 



v ' ewin 9 replication history 



Follow these steps to view the replication history for a database. 



Step 


Action 


1 


Open the database, and choose File->Replication->History. 


2 


View the history either by Date or Server Name. 


3 


To clear one entry, select the entry in the window, and click Clear. Click Yes 
to confirm. 


4 


To clear the entire history, click Clear All. Click Yes to confirm. 


5 


Click Done when finished. 



Notes: 

■ Clearing the replication history requires Manager access. 

■ The database's replication history is not synchronized with other replicas. 




Do not clear replication history unless the database does not contain all 
the documents it should. 



If cleared, during the next replication Domino will scan all of the 
documents modified or created during the time specified in the Only 
replicate incoming documents saved or modified after replication 
setting; if the setting is blank, Domino will scan all documents in the 
database. Both procedures are time-consuming. 
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Resolving Replication Conflicts 

A replication conflict occurs when the same document is edited in different 
replicas of a database in between scheduled replications, and either: 

■ The application developer did not specify to merge replication conflicts 
or 

■ The option was enabled, but the same field was edited in the same document 
on different servers, so Domino is unable to resolve the conflict. 

A save conflict occurs when two people simultaneously edit the same document in 
the same replica. 

Replication conflicts appear in a view as a Response document to a Main 
document. They are entitled Replication or save conflict and are preceded 
by a diamond. 



Resolving replication conflicts 



The system administrator, the application developer, or database manager can 
follow these steps to resolve a replication or save conflict. 



Step 


Action 


1 


Review the Main document and the conflict document to identify the 
differences. 


2 


Copy the changes to keep from the conflict document into the Main document. 


3 


Delete the conflict document. 





Do not delete the Main document. Deleting the Main document in a 
response hierarchy removes the responses from the view. These orphaned 
documents no longer appear in the standard view and require additional 



Caution design work to locate them. 
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Resolving Replication Conflicts... (continued) 



Tip: Create a view to identify conflict documents 

To locate replication or save conflicts, create a view that displays only conflict documents 
(not shown in a response hierarchy) using a selection formula such as: 

SELECT @IsAvailable($Conflict) 

To see a conflict document in context with its Main document: 

1 . Select the Replication or Save Conflict document in the view that displays conflicts. 

2. Hold down the Ctrl key. 

3. Switch to the view that shows the Main document. 



Minimizing replication and save conflicts 

To reduce replication and save conflicts, the application developer can: 

■ Adjust the ACL to restrict Editor access. 

■ Use Author access with an Authors field. 

■ Enable document locking. 

Document locking permits users with Author access or higher to lock 
documents in that database which can reduce replication conflicts. For more 
information, refer to the following additional resources: 

■ How to enable document locking: Document Locking in Lotus Domino 
Designer 6 Help 

■ How users lock a document: Locking Documents in Lotus Notes 6 Help 

■ Change the form design to merge replication conflicts. Refer to the Lotus Domino 
Designer 6 Help topic Forms Properties box - Form Info tabfConflict Handling. 
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Coordinating the Purge Interval and 
Replication Schedule 

When a document is deleted from a database, a deletion stub is left behind in the 
document's place. The deletion stub is a marker that tells the Replicator that the 
document should be deleted in other replicas. Deleted documents may return if a 
deletion stub is removed before it has a chance to replicate to all replicas. 



Purging interval and deletion stubs 



The purge interval controls when Domino purges deletion stubs from a database. 
Domino regularly removes deletion stubs that are at least as old as the value 
specified in Replication Settings-^ Remove Documents Not Modified In The 
Last Days. Domino checks for deletion stubs to remove at 1/3 of this value. 

Tip: To remove the deletion stubs immediately, set the Remove Documents Not 

Modified In The Last Days field to 0. The deletion stubs are removed when the 

Replication Settings dialog box is closed. Then, reset the field to its original value. 



Best practices for replication and purge intervals 



Consider the following factors when scheduling replication and setting the 
purge interval: 

■ When setting the purge interval, the administrator and database manager 
should consult to make sure that it coincides with replication schedules. 

■ Shortening the purge interval may result in deleted documents being 
replicated back to the replica. Replication should occur more frequently than 
the purge interval. 

For example, if the purge interval is set to 30 days and replication occurs once 
every two weeks, then deletion stubs are replicated before they are removed. 
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Coordinating the Purge Interval and Replication 

Schedule... (continued) 

stf^i Checklist: Determining replication schedule problems 



The following checklist describes the process used to determine the cause of 
problems with replication schedules. 





Task 


Procedure 


□ 


1 


Verify replication schedules. 


□ 


2 


Check log files for replication time periods. 


□ 


3 


Verify schedules set to accommodate all servers in sequence. 
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Verifying Server Access in the ACL 

ACL changes are distributed via replication in much the same way as documents. 
The replication is two-way, but during any single-direction replication, the ACLs 
are either pulled or pushed, never both. 

If database ACLs are at odds with each other, a replication that would otherwise 
be successful does not occur. 



Examples of ACL problems that affect replication 



The following table shows some potential problems with incorrect ACL settings. 



Server with This 
Access... 


Is Authorized to... 


Potential Replication 
Problem 


No access 


Do nothing. 


Replication stops immediately. 


Reader access 


Read documents in the 
database. 


Server is unable to create/edit 
documents in the database. 


Author access 


Create documents in the 
database. 


Server is unable to write 
changes made to documents 
in the database. 


Best practices for server access 



The following table shows each database ACL level and the suggested use for 
servers based on what documents the server will need to replicate. 



Level 


Suggested Use for Servers 


No access 


Assign to OtherDomainServers. 


Depositor 


Not applicable for servers. 


Reader 


Assign to servers to allow the server to receive information from a 
replica, but not send changes back to the other server. 


Author 


Not applicable, because servers do not author documents. 


Editor 


Assign to servers that store replicas of the database in order to 
distribute edits to documents. 


Designer 


Assign to servers that application developers use to update the 
database design. 


Manager 


Assign sparingly to one server to distribute ACL changes to 
other servers. 
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Verifying Server Access in the ACL...(continued) 



Determining effective access 



The database ACL contains a tool to help determine the effective access a 
person, server or group has to the current database. Follow these steps to 
determine effective access. 



Step 


Action 


1 


From Domino Administrator, click the Files tab. 


2 


Select the database. 


3 


Choose Tools-> Database-^ Manage ACL. 


4 


Select the person, server, or group from the list, and click Effective Access. 

Result: A dialog box displays showing the following information for the 
selected user: 

■ Access level 

■ Privileges 

■ Groups 

■ Roles 


5 


To see the effective access for a different user, do one of the following: 

■ Complete the People, Servers, Groups field, and click Calculate Access. 

■ Click [ftj t select the person, server, or group. Click Add, and then click OK. 


6 


Click Done to close the Effective Access dialog box. 


7 


Click OK to close the Access Control List dialog box. 
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Troubleshoot Server ACL Access 
Exercise 

Worldwide Corporation administrators are troubleshooting replication 
problems that are caused by incorrect database ACLs. 

Classroom 
Scenario 




Identify appropriate server access guidelines 



Follow these guidelines when setting server access: 

1 . Assign an access level that is at least as high as the highest user access level. 

2. Include servers in Read Access Lists for database design elements. 

3. Assign appropriate access to intermediate servers. 

4. Assign Reader access for one-way replication. Give a server Reader access 
to a replica when you want to allow the server to receive information from the 
replica, but not to send changes back. 

5. If a database uses Authors fields allowing authors to edit the documents they 
create, assign the server Editor access to allow author's changes to replicate. 

6. A database should have at least the server where the replica resides in its 
ACL, and specify that server as the administration server for the database to 
allow the Administration Process to update names in the ACL. 



Enter the number of the guideline that is the most appropriate solution to the 
problems outlined in the table below. 



Solution 


Problem 




Changes were made to Server A's replica by someone with Author access. 
Server A's changes do not replicate to Server B. 




Design changes were made to the replica on Server A, but do not replicate 
to Server B. 




A replica on Server A includes a form access list that limits who can read 
documents created with the form. Server B needs to pull new documents 
and changes to documents created with the form. 




Server B needs to receive changes from a replica on Server A, but should 
not send changes to Server A. 




ACL changes on Server A's replica replicate to Server C via Server B. 




A user whose name changed is unable to access a database due to an 
incorrect ACL. 




152 



Administering IBM Lotus Domino 6: Managing Servers and Users 



Lesson 7 ■ Resolving Server Problems 

Recovering from a Server Crash 

With proper maintenance, the Domino server infrastructure works smoothly, and a 
server will rarely crash. If a server does crash, restart the server, then find out why 
it crashed and take the necessary steps to avoid future crashes. 



Reasons for a server crash 



The most common causes of server crashes are the following: 

■ Low or depleted system resources 

■ High server workload 

■ Software problems 

■ Network problems 

■ Changes to network or operating system environments 

■ Changes in hardware configuration (upgraded network cards or software 
configuration) 



Automatically restarting the server with Fault Recovery 



Domino 6 includes the option to automatically restart the server after a server 
crash. With Fault Recovery enabled, a server crash results in the server shutting 
itself down and then restarting automatically, without any administrator 
intervention. A fatal error, such as an operating system exception or an internal 
panic, terminates each Domino process and releases all associated resources. 

Domino records crash information in the data directory. When the server 
restarts after a crash an e-mail is sent to the person or group specified in the 
Server document. 
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Recovering from a Server Crash. m .(continued) 



Enabling Fault Recovery 



Follow these steps to enable Fault Recovery. 



Step 


Action 


1 


From Domino Administrator, click the Configuration tab->Server section^ 
All Server Documents view. 


2 


Select the Server document, and click Edit Server. 


3 


On the Basics tab, in the Fault Recovery field, select Enabled. 


4 


In the Mail Fault Notification to field, select the administrator's name or 
group name. 


5 


Click Save & Close. 



For more information, refer to the Lotus Domino Administrator 6 Help topic 
Fault Recovery. 
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Troubleshooting a Server Crash 

This section introduces some of the helpful tools to troubleshoot a server crash. 



Server crash checklist 



To troubleshoot a server crash an administrator should: 

□ Collect system information. 

□ Reconsider any changes made to the Domino environment. 

□ Record any messages that begin with "Panic" on the console. 

□ Review crash files. 

□ If a Notes System Dump (NSD) log file was created, verify that the file date and 
time coincides with the date and time of the crash. 

□ Check the Miscellaneous Events view in the Domino Server Log. 

Resources for more information 



Use the following additional resources: 

■ Look up any error messages and refer to the following White Papers on the Lotus 
Support Services Web site at http://www-3.ibm, com/software/lotus/support/ : 

■ Troubleshooting Notes/Domino Server Crashes 

■ Troubleshooting Notes/Domino Server Performance 

■ Refer to the following Lotus Domino Administrator 6 Help topics: 

■ How to troubleshoot server crashes 

■ Server crashes - Problems and error messages 



Contacting Lotus Support 



Refer to the LDD Today article titled Notes from Support: Calling Support with a 
Domino Server Crash. In general, when contacting Lotus Support for help in 
determining the cause of a server crash, have the following information available: 

■ Any root cause analysis already completed. 

■ The complete crash scenario including the steps to reproduce the crash. 

■ The collected information as outlined in Appendix D: Additional 
Reference Material. 
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Resolving User Problems 



This lesson covers the more common user problems and solutions. The lesson 
also refers to troubleshooting information available in Lotus Domino Administrator 
6 Help. Common user problems include the following: 

■ Error message when accessing a database 

■ Error message when starting or using the Notes client 

■ Unable to connect to a server 



Objectives 



After completing this lesson, you should be able to: 

s Troubleshoot database issues. 

^ Troubleshoot workstation problems. 

s Troubleshoot connection problems. 

^ Troubleshoot mail problems. 
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Resolving Workspace and Database 
Problems 

This section offers information on some of the more common requests for support. 

Important Notes client files 



The following table lists important Notes client files that affect the user's 
workspace. 



File Name 


Description 


Should be 
Backed-up 
Regularly 


Desktop6.ndk 


A list of accessed databases and any private 
views and folders 


Yes 


Bookmark.nsf 


Saved bookmarks, Welcome Page 
information and tool bars 


Yes 


Cache. ndk 


Recently used elements for quicker access 


Not necessary 



Common workspace error messages 



The following table lists common error messages that users receive and 
possible solutions. 



Error Message 


When Error Occurs 


Possible Solution 


Database object has been 
deleted 


Usually occurs when 
trying to open a database. 


Replace the database 
with a backup or try 
compacting the database. 


Unable to load 
DESKTOP6.NDK. The file is 
damaged, obsolete or 
intended for a different 
operating system. Delete the 
file and create a new desktop? 


Desktop6.ndk has been 
damaged, perhaps during 
a workstation crash. 


■ Answer No to restore a 
backup of 
Desktop6.ndk. 

■ Answer Yes to open 
Notes with a blank 
desktop. 



(continued on next page...) 



Administering IBM Lotus Domino 6: Managing Servers and Users 



157 



Lesson 8 ■ Resolving User Problems 



Resolving Workspace and Database Problems... (continued) 



Common workspace error messages... 



Error Message 


When Error Occurs 


Possible Solution 


Cannot write to file (possibly it 
is READ-ONLY or the disk is 
out of space or not ready) 


There is no space on the 
local drive, or there is 
insufficient access to 
write to the network drive. 


■ Free disk space on the 
local drive. 

■ Check disk space and 
privileges on the 
network drive. 


Unable to load Bookmarks 


The Bookmark.nsf file 
has been damaged. 


Delete the Bookmark.nsf 
file. It is rebuilt using the 
databases stored in the 
Desktop6.ndk file. 



Methods to free disk space on a local drive 



In addition to removing unwanted applications and deleting unwanted files, 
suggest that users perform the following additional tasks: 

■ Compact Domino databases stored on the local drive. 

■ Compact the Notes desktop (Desktop6.ndk) and Bookmarks (Bookmark.nsf). 

■ Limit the size of Cache. ndk in Workspace Properties. 

When to compact a database 



Compact databases to accomplish the following: 

■ Compact in-place for space recovery and/or file size reduction. 

■ Archive documents on server databases that are configured for document 
deletion and archiving. 

■ Fix corrupt databases that cannot be accessed. 
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Resolving Workspace and Database Problems... (continued) 




Compact a database 



A user received an error message indicating a database may be corrupt. 
Follow these steps to compact a database from the user's desktop. 





Step 


Action 




1 


From the Notes client, click the Databases Bookmark, then select Workspace. 




2 


Select the Yourusername's Log database (Log.nsf) on Local. 




3 


Choose File-> Database^ Properties. 




4 


Select the Info tab M 




5 


Click % used. Note the number displayed. 






Note: Generally, compact a database when the % used is less than 90%. 




6 


Click Compact to compact the database. 




7 


Once the database is compacted, click % used again. 






Result: Did the number change? 



Refreshing views in a single database 



Often users report that a database is not displaying all of the documents. This 
may be caused by missing or damaged views in the database. This table 
describes the keyboard shortcuts to manually update or rebuild views. 



When to Use 


Shortcut 


Description 


To display current information in 
the view 


F9 


Updates the current view 


To fix problems with a view 


SHIFT+ F9 


Rebuilds the current view 


To rebuild or update all views 


CTRL+SHIFT+F9 


Rebuilds all views in a 
database that are not built; 
updates existing view 
indexes 
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Resolving Workspace and Database Problems. ..(continued) 
Refreshing views in multiple databases 



From the Server tab->Status tab->Server Console view, issue the following 
server console command to rebuild the view indices for all databases on the server: 

load updall 

Refer to the Lotus Domino Administrator 6 Help topic Updall options\ox information 
on the command line options for the Updall server task. 

Additional resources 



Use the following additional resources: 

■ For specific details on other issues, refer to Lotus Domino Administrator 6 Help. 
Begin by reviewing the following topics: 

■ Troubleshooting database performance 

■ Managing databases with the Files tab 

■ Monitoring database activity 

■ Determining the file format of a database 

■ Database maintenance 

■ Additionally, refer to the following in Lotus Notes 6 Help: 

■ Troubleshooting topics 

■ Documents resulting from searching for keywords: desktop, error, or cache 

■ Look up any error messages on the Lotus Support Services Web site at 
http://www-3.ibm.com/software/lotus/support/ . 
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Resolving Connection Problems 

Network troubleshooting scenarios are related to specific network types. 
Specific troubleshooting steps for various network protocols are found in Lotus 
Domino Administrator 6 Help and Lotus Notes 6 Help. 

Common connection error messages 



The following list contains common error messages that users receive when 
failing to access a server: 

■ Unable to find path to server 

■ The server is not responding 

■ The remote server is not a known TCP/IP host 



Tools for resolving connection problems 

Use the following tools to verify connectivity: 

■ TCP/IP Ping utility 

■ Trace Connection Tool 

Using the Ping utility 



For the TCP/IP protocol, test network connectivity to the server machine using 
the Ping utility. Ping the server by: 

■ IP address 

■ Host name 

■ Common name 

■ Hierarchical name 



Administering IBM Lotus Domino 6: Managing Servers and Users 



161 



Lesson 8 ■ Resolving User Problems 

Resolving Connection Problems... (continued) 



Using the Trace Connection Tool 



To test connections to a server, use the Trace Connection tool. Results of a Trace 
Connection provide detailed information about the steps involved when connecting 
to a server and is useful in troubleshooting network connection problems. 

Note: Network trace information automatically appears on the status bar of a Notes 
workstation. The level of detail displayed is controlled by the Console_Loglevel 
variable in the user's Notes.ini file. 



Tracing network connections 



Follow these steps to trace a network connection. 



Step 


Action 


1 


From the Notes client, choose File-> Preferences-^ 
User Preferences^ Ports. 


2 


Highlight the protocol/port to analyze. 


3 


Click Trace. 


4 


Specify the server to attempt a connection. 


5 


For Trace Options, select the level of detail to record in the Notes log. 


6 


Click Trace. 


7 


Click Done. 



Note: This tool is intended to test workstation-to-server connectivity problems. 
Use the Trace server console command to test server-to-server connectivity 
problems. 
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Resolving Connection Problems.. .(continued) 



Troubleshooting tips for resolving connection problems 



After verifying the server is running, verify that the following information is correct: 

■ The server's IP address in DNS or hosts files. 

■ The following fields in the Server document in the Domino Directory. 



Tab 


Field Name 


Basics 


■ Server name 

■ Fully qualified Internet host name 


Ports 


■ Port is Enabled 

■ Net Address 


The following Connection document fields in the user's Personal Address 
Book. 


Tab 


Field Name 


Basics 


■ Server name 

■ Use LAN port or Modem port(s) 

■ Connection type 


Advanced 


Destination server address (for the Local Area Network 
and Network Dialup Connection type) 


The following Location document fields in the user's Personal Address Book. 


Tab 


Field Name 


Basics 


Location type 


Servers 


■ Home/mail server 

■ Domino directory server 


Ports 


Ports to use 


Mail 


■ Mail file location 

■ Mail file 

■ Domino mail domain 



■ If recent changes to a server include host name, IP address, or port names, 
it may be necessary to clear some system fields in the user's Location 
document or the Server document. Refer to the following technotes on the 
Lotus Support Services Web site: 

■ How to Disable Server Cache of the Last Known Address 

■ Where are Server Addresses Cached in Notes and Domino? 
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Resolving Connection Problems... (conf/nuedj 



Additional resources 



Use any of the following additional resources: 

■ View the Domino Server Log (Log.nsf) for error messages and problems. 

■ Refer to the following topics in Lotus Domino Administrator 6 Help: 

■ Modems and remote connections - Troubleshooting 

■ Network connections over NRPC -- Troubleshooting 

■ Network dialup connections Troubleshooting 

■ Look up any error messages on the Lotus Support Services Web site at 
httpy/www-3. ibm.com/software/lotus/support/ . 
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Responding to Mail Problems 



The following table lists common mail problems and possible resolutions. 



Problem 


Possible Cause 


Tools to Use 


A user is not receiving 
any mail. 


A user's mail file name was 
changed or moved without 
updating the Person document. 


Mail trace 


A message did not reach 
the intended recipient. 


A server along the mail path 
was down. 


Message tracking 



Sending a mail trace 



Follow these steps to trace the path a mail message would take to get to a 
destination mail file. 



Step 


Action 


1 


From Domino Administrator, click the Messaging tab^Mail tab. 


2 


Choose Tools->Messaging->Send Mail Trace. 


3 


In the To field, enter or select a mail user. 


4 


In the Subject field, enter Mail trace message for username. 


5 


Choose a delivery report option: 

■ Each server on path: Returns a Trace report indicating each router stop. 

■ Last server Only: Returns a Delivery Confirmation report from the 
destination server only. 


6 


Click Send. 


7 


View the delivery report in your mail file. 



Note: The Mail Trace tool does not deliver mail to the user's mail file, it traces the 
path a message would travel to reach another user's mail file. 
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Responding to Mail Problems... (continued) 
What is message tracking? 



Message tracking allows administrators to follow a previously sent mail message. 
A Message Tracking database on each server records the progress of the 
message to its final destination. 

For information on enabling message tracking, refer to Lotus Domino 
Administrator 6 Help or the Administering IBM Lotus Domino 6: Building the 
Infrastructure course. 




Track a mail message 



Follow these steps to track a mail message sent to you from Doctor Notes. 



Step 



Action 



From Domino Administrator, select Hub/SVR/WWCorp to administrator. 



Click the Messaging tab-> Tracking Center tab. 



Click New Tracking Request. 



Complete the New Tracking Request dialog box as shown below. 



New T tacking Request 



Erom [Doctor Notes _*J 



OK 



Cancel 



Sent Today 



Start at Sender's home server 

C Current Server Hub/SYR/V/WGocp 



Optional 




■ 



Please enter as much data a& you know aboui the mail you voent t 
track. The more you ptovide, the more refined the seeich will be. 



Note: Click LQJ to select the person for the From and To fields. 



Click OK. 



View the resulting reports. 
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Troubleshoot Server and User Problems 
Exercise 



Worldwide Corporation administrates are hearing reports of users 
having problems accessing Worldwide's servers and receiving mail. 
Additionally, there are some reports of other server problems. 
Worldwide administrators need to use all available troubleshooting tools 
to determine the cause of the problems. 




Investigate causes of server problems 



Investigate the following problems, then record your findings in the tables. 

Problem 1 : Servers in the East and West regions are not replicating with the Hub 
server. The Domino Server Log file indicates the following error message: 

Error connecting to server Hub/SVR/WWCorp : Server error: You are 
not authorized to use the server 



Item 


Findings 


Documents reviewed 




Tools used 




Problem determination 




Problem 2: A request to move Michelle Grassi's mail file did not complete. The 
mail file moved to the new server, but the old mail file was not deleted. 


Item 


Findings 


Documents reviewed 




Tools used 




Problem determination 





(continued on next page...) 




Classroom 
Scenario 
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Troubleshoot Server and User Problems Exercise... (continued) 
Investigate causes of user problems 



Problem 3: William Harris would like to schedule a Simple Action agent in his mail 
file. When he attempts to save the agent, he receives the following error message: 

You are not authorized to perform that operation 



Item 


Findings 


Documents reviewed 




Tools used 




Problem determination 




Problem 4: William Harris is complaining of not receiving any mail. On 
examination, the Domino Server Log file shows the following error message: 

Error delivering to HUB/SVR/WWCORP mail \wharris ; File does not 
exist 


Item 


Findings 


Documents reviewed 




Tools used 




Problem determination 





Problem 5: Users receive the following error attempting to connect to Hub: 

The remote server is not a known TCP/IP host 



Item 


Findings 


Documents reviewed 




Tools used 




Problem determination 
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Appendix A ■ Exercise Solutions 



About This Appendix 

This appendix provides solutions to classroom exercises. Information about 
activities is not provided. 

All exercise keys are provided in the order in which they appear in the 
course materials. 
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Lesson 1: Managing Users and Groups 

Change the Organizational Hierarchy 
Exercise 

Add an Organizational Unit (OU) 



Follow these steps to register regional Organizational Unit certifiers. 



Step 


Action 


1 


Click the Configuration tab->Tools-> Registration^ Organizational Unit. 


2 


Select Supply certifier ID and password. 


3 


Click Certifier ID, select the /WWCorp certifier, WWCorp.id, and click Open. 


4 


Click OK. 


5 


Enter lotusnotes, and click OK. 


6 


On the Certifier Recovery Information Warning dialog box, click OK. 


7 


Click Registration Server, enter your assigned server, and click OK. 


8 


Click Set ID File, enter the certifier ID file name, such as, br . id in the 
\Lotus\Notes\Data\lds\Certs directory, and click Save. 


9 


Enter BR in the Organizational Unit field. 


10 


Enter lotusnotes for the certifier password. 


11 


Select Weak password, not very secure (6) in the Password quality scale. 


12 


Click Register. 


13 


Click OK to acknowledge success. 
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Lesson 1: Managing Users and Groups...(continued) 
Change the Organizational Hierarchy Exercise... 

Request a new certifier 



Follow these steps to reassign a user to another organizational unit certifier. 



Step 


Action 


1 


From the Domino Administrator, select your server. 


2 


Click the People & Groups tab-> Domino Directories section^ 
WWCorp's Directory section->People view. 


3 


Select the people to move to a new certifier. 


4 


Choose Tools->People->Rename. 


5 


In the Honor old names for up to days (Between 14 and 60 days) field, 

enter a value. The default is 21 days. 


6 


Click Request Move to New Certifier. 


7 


Select Supply certifier ID and password. Click Certifier ID, select the 
original certifier ID file (either West. id or East.id), and click Open. 


8 


Click OK to continue. 


9 


Enter lotusnotes for the password, and click OK. 


10 


Select the new certifier ID file created earlier in this exercise from the 
New Certifier drop-down box, and then click OK. 


11 


Click OK to submit the request to change the common name. 


12 


Click OK after viewing the number of entries processed. 
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Lesson 1: Managing Users and Groups...(continued) 
Change the Organizational Hierarchy Exercise... 



Complete the move 



Once the request is posted, the move to the new certifier is approved by the 
owner of the new certifier. Follow these steps to complete the move. 



Step 


Action 


1 


From Domino Administrator, click the Server tab-> Analysis tab-> 
Administration Requests (6) section-^ Name Move Requests view. 


2 


Select the users to be moved. 


3 


Click Complete move for the selected entries. 


4 


Select Supply certifier ID and password. Click Certifier ID, select the new 
certifier ID file created earlier in this exercise, and click Open. 


5 


Click OK to continue. 


6 


Enter lotusnotes for the password, and click OK. 


7 


Accept or change the expiration date and click OK. 


8 


Click OK to submit the request to change the common name. 


9 


Click OK after viewing the number of entries processed. 
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Lesson 1: Managing Users and Groups...(continued) 

Assign Users to a Group Exercise 

Create a group 



Follow these steps to create the group. 



Step 


Action 


1 


From Domino Administrator, select your server. 


2 


Click the People & Groups tab->Domino Directories section-^ 
WWCorp's Directory section^ Groups view. 


3 


Click Add Group. 


4 


On the Basics tab, complete the following fields: 

■ Group name: Unique name describing the group's use, for example, 
Worldwide Support 

■ Group type: Access Control List only 

■ Description: All WW servers, support and admins 

■ Members: LocalDomainServers , LocalDomainAdmins , other 
users registered previously in the lesson 


5 


Click Save & Close. 



Answer the following questions: 

■ What did you name the group? 

Possible answer: Worldwide Administration 

■ What group type did you use? Why? 

Possible answer: Access Control List only, because the group will be used to 
control access to a database. 

■ List the group members. 

Possible answer: LocalDomainServers, LocalDomainAdmins, other users 
registered previously in the lesson 
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Lesson 1: Managing Users and Groups.. .(continued; 
Assign Users to a Group Exercise... 



Change group membership 



Follow these steps to change a users group membership. 



Step 


Action 


1 


From Domino Administrator, select your assigned server. 


2 


Click the People & Groups tab. 


3 


Choose Tools->Groups->Manage. 


4 


From the Look in drop-down box, select the appropriate directory. 


5 


Select a user from the People and Group listing in the left pane. 


6 


For the Group Hierarchies, choose the appropriate directory listing. 


7 


Select All group hierarchies, then select Show Group Type All. 


8 


From the right pane, select a group. 


9 


Click Add. 


10 


From the left pane, select another user you created. Drag and drop the user 
to a different group. 


11 


Click Done. 
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Lesson 1: Managing Users and Groups... (continued) 
Assign Users to a Group Exercise... 

(Optional) Delete the group 



Follow these steps to delete the group. 



Step 


Action 


I 


From Domino Administrator, select your server. 




Click the People & Groups tab-^ Domino Directories section-^ 
WWCorp's Directory section->Groups view. 


3 


Select the group created earlier in this exercise. 


4 


Click Delete Group. 


5 


If the server is running Windows NT, Domino Administrator will prompt to 
delete the corresponding group account from Windows NT User Manager. 
Click Yes to delete the group account. 


6 


Select one of the following options: 

■ Yes: Immediately deletes all references to the group in the current replica 
of the Domino Directory. 

■ No: Posts a Delete in Directory request in the Administration Requests 
database. The Administration Process deletes references to the group in 
the Domino Directory and database ACLs. 


7 


Click OK. 
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Lesson 4: Updating Servers 

Enable Cross-Organization 
Authentication Exercise 



Determine cross-certification levels 



The following figure shows a solution that provides the most secure environment. 




The following table includes the cross-certificates to create in order to enable the 
solution shown in the graphic. 



Cross-Certificate 
Issued by... 


Cross-Certificate 
Issued to... 


Cross-Certificate Stored 
in Directory for... 


ExternalOl /SVR/WWCorp 


ExHub01/SVR/Earth 


WWCorp domain 


ExHub01/SVR/Earth 


ExternalOl /SVR/WWCorp 


Earth domain 
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Lesson 4: Updating Servers...(continued) 

Set Administration Access Exercise 

Determine access 

Below are examples of solutions for a server and administrator in the East region. 

1 . Complete the following table with the new value for the server access fields. 
If the field should remain unchanged, leave the New Value column blank. 

Possible answer 



Server Access Field 


New Value 


Create databases & templates 


EastAdmins 


Create new replicas 


EastAdmins, EastServers 


Full Access administrators 


Doctor Notes/ WWCorp 


Administrators 


EastAdmins 


Database Administrators 


WestAdmins 



2. What servers, users, or groups require Manager access to databases on each 
regional server? 

Possible answer: EastAdmins and EastServers 



Allow access to your assigned server 



Follow these steps to allow the access outlined in Question 1 above. 



Step 


Action 


1 


From the Domino Administrator, click the Configuration tab-> 
Server section->AII Server Documents view. 


2 


Select the appropriate Server document. 


3 


Click Edit Server. 


4 


Select the Security tab. 


5 


In the Administrators section, complete the following fields: 

■ Full Access administrators: Doctor Notes /WWCorp 

■ Administrators: EastAdmins 

■ Database Administrators: WestAdmins 



(continued on next page...) 
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Lesson 4: Updating Servers. ..(continued) 



Allow access to your assigned server... 



Step 


Action 


6 


In the Server access section, complete the following fields: 

■ Create databases & templates: East Admins 

■ Create new replicas: East Admins , East Servers 


7 


Click Save & Close. 


8 


To restart the server, click the Server tab-> Status tab. 


9 


Choose Tools->Server-> Restart. 


10 


Enter the server's password (optional), and click OK. 


11 


Click Yes to confirm restarting the server. 



Test access 

Test the changes just made to access controls by completing the following tasks. 

1 . Create a database on Hub. Use any template for the database. Include your 
initials in the database title and file name to distinguish it from other students' 
databases. 



Step 


Action 


1 


Choose File-> Database^ New. 


2 


Select Hub/SVR/WWCorp from the list of servers. 


3 


Enter an appropriate database title and file name. 


4 


Select any template, such as, Discussion - Notes & Web (R6), 

Discsw6.ntf. 


5 


Click OK to create the database. 



(continued on next page...) 
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Lesson 4: Updating Servers... (continued; 



Test access... 



2. Modify the ACL to grant your assigned server the appropriate access. 



Step 


Action 


1 


Click the Files tab. 


2 


Select the database you created earlier in this exercise. 


3 


Choose Tools-> Database-^ Manage ACL. 


4 


Click Add, enter yourassignedserver and click OK. 


5 


Grant your assigned server Manager access. 


6 


Click OK to close the Access Control List dialog box. 


Create a replica of the database on your assigned server. 


Step 


Action 


1 


From Domino Administrator, select Hub/SVR/WWCorp to administer. 


2 


Click the Files tab, and expand the Database menu in the Tools pane. 


3 


Drag and drop the database you just created onto the Create Replica(s) 
database tool. 


4 


Select your assigned server from the list on which to create the replica, 
and click Add. 


5 


Click OK to submit a request to create the replica. 


Once everyone has restarted their servers, access a server in the other region 
from Domino Administrator. 


Step 


Action 


1 


Click the Domain servers icon. 


2 


Expand the All Servers section, and select a server in the other region. 



(continued on next page. ..) 



A ■ 12 



Administering IBM Lotus Domino 6: Managing Servers and Users 



Appendix A ■ Exercise Solutions 

Lesson 4: Updating Servers.. .(continued) 



Test access... 



5. For each tab in Domino Administrator, perform at least one task. One example 
is included in the following table. 



Step 


Action 


1 


Select a server in a different region. 


2 


Click the Files tab, then select a database. 


3 


Choose Tools->Database->Compact. 


4 


Click OK. 

RpQiilt* Thp HfltflhflQP iq rnmnartprl qi ipppQQf i illv Kippanqp v/oii h^v/P thp 
ncoui i. i lie udiaudoc 10 oui i i^jdL/i~u ouuucooi uiiy ucL«auoc y uu i lave 11 ic 

Database administrators access. 


5 


Choose File-> Database^ New. 


6 


Select the server accessed in Step 1 from the list of servers. 


7 


Enter an appropriate database title and file name. 


8 


Select any template, such as, Discussion - Notes & Web (R6), 

Discsw6.ntf. 


9 


Click OK to create the database. 

Result: The following error message displays: 

You are not authorized to create new databases on this 
server: others ervername databasename. nsf 

Click OK, then click Cancel to cancel creating the new database. 


10 


Click the Server tab-> Status tab-> Server Console view. 


11 


Click Live. 


12 


Enter any Domino command, such as show Tasks, and click Send. 

Result: You will be able to use the console because Database 
Administrators have all the rights of Full Remote Console Administrators. 



6. Select another server in your region and repeat the tasks. 

Result: You will be authorized to perform all tasks in the above procedure. 
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Lesson 5: Setting Up Server Monitoring 
Determine Server Status Exercise 



Identify status 



Question 1 

Follow these steps to obtain the information to answer Question 1 . 



Step 


Action 


1 


From Domino Administrator, select your server. 


2 


Click the Server tab->Analysis tab->Monitoring Results section^ 
Statistic Reports section->Mail_Database view. 


3 


Open the most recent report. 


4 


Scroll down to Replication Statistics. 


5 


Close the Statistics report. 


6 


Select Notes Log-> Replication Events. 


7 


Select your server and a date. 


8 


Open the log file. 



Question 2 

Follow any one of the following steps to obtain the information to answer 
Question 2: 

❖ Click the Server tab^ Statistics tab^Mail section^TotalPending view. 

❖ Click the Server tab-* Analysis tab^Monitoring Results sections 
Statistic Reports section^ Mail_database view. 

❖ Click the Messaging tab^Mail tab^Mail Routing Status view. 
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Lesson 7: Resolving Server Problems 

Troubleshoot Server ACL Access 
Exercise 

Identify appropriate server access guidelines 



Follow these guidelines when setting server access: 

1 . Assign an access level that is at least as high as the highest user access level. 

2. Include servers in Read Access Lists for database design elements. 

3. Assign appropriate access to intermediate servers. 

4. Assign Reader access for one-way replication. Give a server Reader access 
to a replica when you want to allow the server to receive information from the 
replica, but not to send changes back. 

5. If a database uses Authors fields allowing authors to edit the documents they 
create, assign the server Editor access to allow author's changes to replicate. 

6. A database should have at least the server where the replica resides in its 
ACL, and specify that server as the administration server for the database to 
allow the Administration Process to update names in the ACL. 

Enter the number of the guideline that will most likely solve the problems outlined 
in the table below. 



Solution 


Problem 


5 


Changes were made to Server A's replica by someone with Author access. 
Server A's changes do not replicate to Server B. 


1 


Design changes were made to the replica on Server A, but do not replicate 
to Server B. 


2 


A replica on Server A includes a form access list that limits who can read 
documents created with the form. Server B needs to pull new documents 
and changes to documents created with the form. 


4 


Server B needs to receive changes from a replica on Server A, but should 
not send changes to Server A. 


3 


ACL changes on Server A's replica replicate to Server C via Server B. 


6 


User whose name changed is unable to access database due to 
incorrect ACL. 
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Lesson 8: Resolving User Problems 

Troubleshoot Server and User Problems 
Exercise 

Investigate causes of server problems 



Investigate the following reported problems, then record the documents reviewed, 
the tools your investigating, and the problem determined to be the cause. 

Problem 1: Servers in the East and West regions are not replicating with the Hub 
server. The Domino Server Log file indicates the following error message: 

Error connecting to server Hub/SVR/WWCorp : Server error: You 
are not authorized to use the server 

■ Documents reviewed: Hub Server documents Security tab^ 
Access server field. 

■ Tools used: Domino Administrator; Configuration tab. 

■ Problem determination: LocalDomainServers does not have access to the 
Hub server. The LocalDomainAdmins group is the only group permitted 
access to the Hub server. 

Problem 2: A request to move Michelle Grassi's mail file did not complete. 
The mail file moved to the new server, but the old mail file was not deleted. 

■ Documents reviewed: Administration Requests database^ Pending 
Administrator Approval view^Mail file deletion request document. 

■ Tools used: Domino Administrator; Server tab^ Analysis tab. 

■ Problem determination: The request to delete the old mail file has not 
been approved. 

Problem 3: William Harris would like to schedule a Simple Action agent in his 
mail file. When he attempts to save the agent, he receives the following error 
message: 

You are not authorized to perform that operation. 

■ Documents reviewed: Hub Server document^Security tab^Run Simple 
and formula agents field. 

■ Tools used: Domino Administrator; Configuration tab. 

■ Problem determination: The user does not have access to run simple and 
formula agents - only the LocalDomainAdmins group has that access. 
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Lesson 8: Resolving User Problems... (continued) 
Troubleshoot Server and User Problems Exercise... 

Investigate causes of user problems 



Investigate the following reported problems, then record the documents reviewed, 
the tools your investigating, and the problem determined to be the cause. 

Problem 1 : William Harris is complaining of not receiving any mail. On examination, 
the Domino Server Log file shows the following error message: 

Error delivering to HUB/SVR/WWCORP mail\wharris ; File does not exist 

■ Documents reviewed: User EastOVs Person document; Mail server field. 

■ Tools used: 

■ Mail trace tool: Domino Administrator; Messaging tab^Mail tab; 
Tools^Messaging^Send Mail Trace. 

■ Person document: Domino Administrator; People & Groups tab^ 
People view. 

■ Problem determination: The mail server name for User EastOI is incorrect in 
the user's Person document. The mail file was moved manually to another 
server, and the Person document was not updated. 

Problem 2: Users receive the following error attempting to connect to Hub: 

The remote server is not a known TCP/IP host 

■ Documents reviewed: Hub's Server document; Ports tab^ Notes Network 
Ports tab^Net Address field. 

■ Tools used: Domino Administrator; Configuration tab. 

■ Problem determination: The host name is incorrect in the Hub Server document. 
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Appendix B ■ Worldwide Corporation Infrastructure Plan 



About This Document 



This document gives an overview of Worldwide Corporation's infrastructure. It is 
intended to provide an overall view of the environment as designed by the 
planning team. It does not provide details on specific Domino functionality. 

This document will be continually updated. Administrators should refer to the 
Policies and Procedures database on any Worldwide Corporation server for the 
latest version of this document. 

IBM Lotus Notes/Domino is Worldwide Corporation's global standard for 
electronic mail and for developing and deploying groupware applications. 
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Organization Structure 



The following figure shows the structure for Worldwide Corporation. 





Headquarters 




Manufacturing 




Research and Development 




Product Management 




Quality Control 




Finance 






Human Resources 




System Aministration 




i 



West 

Sales and Marketing 
Customer Support 
Distribution 
Human Resources 
Finance 

System Administration 



East 

Sales and Marketing 
Customer Support 
Distribution 
Human Resources 
Finance 

System Administration 



Sales Offices 



Sales Reps 



Sales Offices 



Sales Reps 
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User Needs 



The following table lists the access required by Worldwide Corporation users. 



Information Groups 


Who 


Domino Server 


Email/Communication 


All 


Application 


Polirip^ and Prorpdurp^ 


All 


Web 


Price list 

Product catalogue 


Sales 

Customers 

Resellers 


Application 
Web 


Customer Information: 
(DECs) 

Customer Service Application 


Sales 

Support 

Distribution 


Application 
Mail 

Communication 


Process information: 
Product Design 
Order Processing 


Development 
Product Management 
Manufacturing 
Sales 


Application 
Web 


Human Resources 


All 


Application 



Note: User needs were determined by function across all geographies. 
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Servers by Task 



Worldwide Corporation will designate servers to specific tasks based on 
Information Groups. The following table lists the servers, associated tasks, and 
rationale behind the decision. 



Server Type 


Tasks 


Rationale 


Hub 


Routes mail and 
replication databases to 
and from other hub or 
spoke servers 


Provide easier administration and 
maintenance. 


Internet 
Messaging 


Provides non-Domino mail 
services such as: 

■ POP3 

■ IMAP 

■ SMTP 

■ NNTP 

■ LDAP 


Use Domino server to: 

m r lUVlUt? t?l 1 l|JIUyfc?t?o Willi dLLcoo IU IIUll - 

Domino mail files. 


Mail 


Stores users' mail and 
databases and routes mail 
across the intranet and 
Internet 


■ Provide easier administration. 

■ Minimize server processor load. 

■ Reduce network traffic. 

■ Provide predictable server performance 
and grouping of users. 

■ Allow user access to databases when 
mail server is down. 


Application 


Stores application 
databases 


■ Provide easier administration. 

■ Group applications by usage, 
replication needs, and/or security 
requirements. 

■ Allow tuning of server to optimize 
performance and response time 
independent of mail usage. 

■ Ease of expansion by adding new 
database servers as usage and storage 
needs increase. 


Web 


Provides access to an 
application from the 
Internet or to corporate 
intranet. Can use either: 

■ Domino HTTP stack 

■ Microsoft IIS 


■ Can place outside the firewall for 
Internet access. 

■ Provide employees with access to 
corporate information from a browser. 
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Servers by Location 



Worldwide Corporation's domain 



There will be one Domino Domain (World) that includes all Worldwide Corporation 
offices. Worldwide Corporation's Internet domain name was previously 
established as WWCorp.com. 



Topology 



Worldwide Corporation has selected a hub-and-spoke topology for ease of 
management and future expansion. 

Each regional office will have a hub server and one or more spoke servers. 
Each site will be set up to run independently, although they will be connected to 
the corporate hub. 

Connection documents are required for replication to tell the corporate hub how 
and when to communicate with other servers and for spoke servers to connect to 
the corporate hub. 

Headquarters is the center of the infrastructure and houses the main hub server, 
which has high-speed links running to the offices. Each individual Domino server 
is responsible for its own mail routing and replication events. The hub server is 
responsible for replication of the critical databases between all its spoke servers. 

The following map shows the locations and types of servers. 



Headquarters 
Mail 




Application 



East 



Mail 



Application 
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Servers by Locat ion... (continued) 



The Headquarters hub server 



The hub server is the administration server for the Worldwide Corporation domain 
and replicates the Directory Catalog and the Administration Requests database to 
all other Domino servers within the Worldwide Corporation domain (WWCorp). 

Sales offices and sales reps will dial in to their local regional hub server using 
Notes clients and Internet clients, such as browsers. 

Customers and vendors will have access through a Web server at Headquarters. 



Domino Named Networks 



The regional sites will be logically grouped into Domino Named Networks (DNNs) 
since they share a common protocol (TCP/IP) and are constantly connected. 

Grouping the Domino Named Networks this way will ensure that users see 
information on their local servers to reduce network traffic. 

Each country office has one or more Domino servers. The following table shows 
the countries to be configured and the Domino Named Networks (DNNs) for 
each country. 



Region 


Code 


DNN 


Connect Status 


Headquarters 


HQ 


WWCorpHQ 


WAN 


East 


East 


WWCorpEast 


WAN 


West 


West 


WWCorpWest 


WAN 
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System Administration 

System administration is locally controlled by region, but monitored from the 
Corporate office. 

Administration tasks are controlled by regional administrators. 

General policies and guidelines are maintained and distributed from the 
Corporate office. 

Implementation and design changes are carried out after business justifications 
are submitted and approved. 

All system administrators use the Domino Administrator and Web Administrator 
for all administration tasks. 
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Network Strategy 

Worldwide Corporation added to their existing WAN by: 

■ Incorporating TCP/IP as their primary network protocol 

■ Developing a plan to phase out non-TCP/IP protocols over time 

■ Using a global frame relay network as its global WAN 

■ Adding networking to the West office 

■ Adding networking connections to all offices from Headquarters 

■ Upgrading existing server network cards and adding network cards 

Although the WAN was upgraded, Worldwide Corporation does not want to rely 
solely on the network. They purchased additional servers for regional offices to 
ensure reliability and consistency across geographical locations. 
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Directory Strategy 

There will be only one Domino domain (WWCorp) for the entire Worldwide 
Corporation Domino environment. The model matches the physical layout of the 
Worldwide Corporation WAN. The first configured server (the corporate hub) will 
have full administration rights over the entire domain. 

The Domino Directory will reside on the corporate hub server in Lisbon, 
and replicate to each regional hub server. The corporate hub will create Directory 
Catalogs, and replicate to regional hubs for use by remote users. Remote users 
can keep a local replica of the Directory Catalog on the client for faster response 
time and timely encryption of messages. 

System administrators will periodically update the Directory Catalog and replicate 
once a day to hub servers. 

Directory access is from: 

■ Notes clients 

■ Web browsers 

■ Other e-mail and directory clients 
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Replication Topology 



A hub-and-spoke topology will be used for replication. This structure consists of a 
main hub with two spoke servers, which are the regional hub servers. Each regional 
hub server also has its own spoke servers. 

The corporate hub server will be the main hub and take overall control of 
replication. There will be Connection documents from the main hub to all regional 
hub servers. 

Replication will be Pull Push. 

The following map shows Worldwide Corporation's replication topology. 



Corporate 
Hub 



Headquarters 

MaiX 




West 



East 



Application 



Application 
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Application Types 



Types of applications will be separated and reside on different application servers 
to isolate problems and simplify management. All applications will be replicated to 
the corporate hub for central control and reliability. 



Application 
Type 


Resides on 
Corporate 

Annlioation Qpr%#pr 

nfJfJH\*a tuUi 1 wCI VCI 

and... 


Replication 
Schedule 


Policies and 
Restrictions 


1 1 ctnmQr 
OUolUI I lt?l 

service 
application 


All ran i n q 1 
MM It^yiUlldl 

application servers 


PIqM\/ Hiirinn miitiiol 

uctiiy uuiniy iiiuiudi 

off-peak hours for 
Lisbon and regional 
hub 


■ 1 np£)l lanni ianPQ 

■ LUi>ai lai ly uayco 

and customs, 

■ Escalation 
procedures 


Purchasing 
application 


All regional 
application servers 


Daily during mutual 
off-peak hours for 
Lisbon and regional 
hub 


Local languages 
and regulations 


Policies and 

procedures 

database 


All regional 
application servers 


When changes are 
made 


Local languages 
and customs 


Price lists 


All regional 
application servers 


When changes are 
made 


Local languages 
and currencies 


Catalogs 


All regional 
application servers 


Quarterly, or when 
changes are made 


Local languages 


MRP 

application 


West application 
server 


When changes are 
made 


Local languages 
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Mail Routing Strategy 

Each region will have its own server that is responsible for local mail delivery, but 
will rely on the corporate mail server for inbound Internet mail: 

■ Simple Message Transfer Protocol (SMTP) will route mail to the Internet. 

■ The Notes Remote Procedure Call, NRPC, will route mail within the 
corporate intranet. 

The following configuration provides for ease of configuration and optimum load 
balancing and failover: 

■ One Internet domain 

■ ISP as a relay host to Internet 

■ Regional Domino Named Networks (one for each region) 

■ The corporate hub is enabled to route external mail using the SMTP protocol. 

■ All mail servers have Connection documents and route mail using 
NRPC internally. 



Mail administrators 



Administrators must perform the following tasks: 

■ Store the Internet domain name in the Foreign SMTP and Global 
Domain documents. 

■ List the inbound mail servers in the MX records in the Domain Name Service 
under the domain's name. Only one is required. (Note that load balancing for 
multiple servers is dependent on the algorithm used by the client SMTP 
system to select a server from the MX records.) 

■ Configure complete address lookup or configure local part only lookup to 
identify each mail recipient's mail server so that the router can make the 
final delivery. 
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Mail Routing Strategy... (continued) 



Mail clients 



Initially, all mail users will have Notes mail files. In the future, some mail users 
may use other Internet mail client software. At that time, Worldwide Corporation 
will set up select Internet POP3 Messaging Servers for non-Notes mail clients to 
access mail files on the Domino server. 



Mail monitors and controls 



The following mechanisms will be put into place for monitoring and controlling mail: 

■ Automated testing of mail routers 

■ Mail quotas 

■ Mail journaling 

■ Maximum message size for inbound and outbound message set to 
10 megabytes. 

■ User restrictions, such as full text indexing 



Mail routing topology 



The following map shows Worldwide Corporation's mail routing topology. 
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Worldwide Corporation Naming 
Conventions 



The following table defines the Worldwide Corporation naming scheme. 



Organization Component 


Value 


Certifier 


Organization (O) 


WWCorp 


CERT.id 


Organizational Units (OU) 


HQ: Headquarters 


HQ.id 




WEST: West 


WEST.id 




EAST: East 


EAST, id 




SVR: All servers 


SVR.id 



Organizational Units are based on geographical regions. 

The servers' Organizational Unit will be used for better control of management 
and creation of servers. 

All Organizational Units and common names are descendants of the Organization 
certifier /WWCorp. 



User naming 



The following table provides user naming conventions. 



Type 


Syntax 


Common name for Domino environment 


Firstname Lastname 


Internet mail addressing 


username@WWCorp.com where 
username = Firstlnitial Lastname 



Administering IBM Lotus Domino 6; Managing Servers and Users 



B ■ 15 



Appendix B ■ Worldwide Corporation Infrastructure Plan 

Worldwide Corporation Naming Conventions... (continued) 



Server naming 



The following table provides examples of regional server names. 



Region 


Code 


Server Names (Server Types) 


Headquarters 


HQ 


HQHUB/SVR/WWCorp (Hub/Comm) 
HQAPP01/SVR/WWCorp (Application) 
HQMAIL01/SVR/WWCorp (Mail) 


East 


East 


EASTHUB/SVR/WWCorp (Hub) 
EASTAPP01 /SVR/WWCorp (Application) 
EASTMAIL01/SVR/WWCorp (Mail) 


West 


West 


WESTHUB/SVR/WWCorp (Hub) 
WESTAPP01/SVR/WWCorp (Application) 
WESTMAIL01/SVR/WWCorp (Mail) 



Naming examples 



The following table provides naming examples. 



If You Want To... 


Then... 


Create a new 
server. 


Use the name XXType##/SVR/World, where: 

■ XX is the standard country code 

■ Type is the server type, for example, Mail 

■ ## is the server number of this type 

For example, the first mail server in Australia might be: 
AUMAIL01 /SVR/WWCorp 


Create a new 

Organizational 

Unit. 


Use the standard country code that identifies the location of the 
Organizational Unit. 

A new Organizational Unit for Canada might be: 
/CN/WWCorp 


Create a new user. 


Certify under the regional Organizational Unit where the 
user works. 

A new user named Sara Jones in London would be: 

Sara Jones/UK/ WWCorp 

The corresponding Internet name would be: 

SJones@WWCorp.com 
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Worldwide Corporation Naming Convent ions., .(continued) 



Certifier/ID management policy 



The following table describes the certifier/1 D management policy. 



Type 


Management Policy 


Organization certifier 


■ Corporate system administrators create the 0 certifier. 

■ Corporate system administrators create the OU certifiers. 

■ Access is limited to two administrators using multiple 
passwords. 

■ Store IDs on multiple floppy disks in protected areas. 


Organizational Unit 
certifiers 


■ Regional administrators and Corporate administrators 
keep copies of OU certifiers. 

■ Store IDs on multiple floppy disks in protected areas. 


Server IDs 


■ Corporate system administrators create all server IDs. 

■ Store IDs on the server. 

■ Use only for the server. 


User IDs 


■ Regional administrators create user IDs. 

■ Regional system administrators keep copies of IDs in a 
secure database on the regional hub server. 

■ Use a Certification Log database to track certification. 

■ All Certifier IDs have multiple passwords and expiration 
dates of two years from date of creation. 

■ Store backups in a secure off-site location. 


Key files for Internet 
(X.509) Certificates 


■ Using Domino as a Certificate Authority, administrators 
will create X.509 certificates using the Certificate Authority 
Application on a workstation and store the CA key ring on 
that workstation, not on the server. 

■ Do not distribute these files to other administrators in 
the organization. 

■ Store the certificates in a secure off-site location. 

■ Store in corporate user Notes ID files. 

■ Store in trusted LDAP directories (for customers). 
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Worldwide Corporation Naming Conventions... (continued) 



Hierarchical naming for Worldwide Corporation 

The following diagram shows the organization hierarchy, including currently 
planned server names. 



/WWCorp 



/East/WWCorp 



/West/WWCorp 



/SVR/WWCorp 



_HUB 

HQMAIL01 

HQAPP01 

WESTHUB 

WESTMAIL01 

WESTAPP01 

_EASTHUB 



_EASTMAIL01 



EASTAPP0 1 
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Remote Access 

Worldwide Corporation has determined specific Internet access for remote 
employees, vendors, resellers, and customers based on their needs. 

Internet access 



The following Internet access will be used: 

■ Authenticated access for employees 

■ Public access Web server for vendors, resellers, and customers, including 
controlled access to servers, applications, and data 



The following table describes types of access. 



Employees 


Customers 


Vendors 


Resellers 


X.509 certificates 


Anonymous access to 
catalog and public 
company information. 
Future: Username and 
password access to 
information about their 
own orders, for 
example, shipping 
information. 


Anonymous access 


Authenticated 
access through 
outside LDAP 
directories. 



Remote users 



Users at offices that do not have direct connections to the WAN can use an 
Internet Server Provider (ISP) to access the Domino system through a local 
Firewall server. 

Remote users can dial in to their mail server through the local Firewall servers. 
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Server Configurations and Security 

Worldwide Corporation has determined configurations for servers, including 
licensing, file structure, and server tasks. Server security has been defined as 
group access to servers. 



Server types 



The following table lists the server licenses that will be used for each of the 
server types. 



Server Type 


Server License 


Rationale 


Domino Mail and 
Internet Messaging 
servers 


Domino Mail Server 


To provide Domino and Internet 
mail services 


Application and Web 
servers 


Domino Utility Server 


To provide custom database 
applications for Notes and 
Web clients 


Hub server 


Domino Enterprise server 


To provide the following services: 

■ Clustering 

■ Partitioning 
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Server Configurations and Security ...(continued) 



File structure 



The following table lists the standard file structure on the servers. 



Path 


Contents 


Description 


Domino 


System files, client 
files 


Client files will be installed for network 
distribution purposes. 


Domino\data 


Databases, general 
data files 


Domino system databases that are 
required for Domino to function properly. 


Domino\data\critical 


Databases 


Critical applications that require 
frequent replication. 



Use the default installation file paths whenever possible to ensure standardized 
training and ease of support and troubleshooting. 

Tip: Store Domino executables on a separate disk than Domino data for better 
performance. 

These areas of the Domino file structure are only accessible to designated 
personnel for installation purposes. All other Domino data is protected by 
operating system security and is accessible to Domino administrators only. 
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Server Configurations and Security.. .(continued) 



Configuration documents 



Every Worldwide Corporation server has its own server Configuration document. 
This ensures that each server configuration can be modified separately and that 
there is a log of any changes made. 

The Domino configuration database will be used for server setup to streamline 
and automate setup. 

A Configuration document exists for each server type (for example, hub, mail, 
application) and is then distributed to other servers of the same type. 



Domino tasks by server type 



The following table lists the minimum requirements for all server configuration 
documents. 



Domino Server Type 


Recommended Tasks 


Standard services for all 
servers 


■ Mail Router ■ Agent Manager 

■ Replicator ■ Administration Process 

■ Indexer ■ Event Manager 

■ Statistics 


Mail servers 


■ Calendar Connector 

■ Schedule Manager 

■ HTTP for Web mail 


Application servers 


■ Standard services only, no additional services 


Hub servers 


■ HTTP, Both Mail and Applications 

■ SMTP (Headquarters hub only) 


Web servers 


■ HTTP for Web Applications 


Internet messaging servers 


■ POP3 and SMTP 

■ IMAP 

■ LDAP 

■ NNTP 
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Server Configurations and Security... (continued) 



Group naming for server access 

Groups will be used to determine access to servers and for added security. 
The following naming convention will be used to identify the location and 
type of group: 

region[global]descriptionofgroup 

For example: HQAdmins or GlobalSales 

Within groups, names are sorted in alphabetical order. 

Deny access groups 

As an added security feature, Worldwide Corporation will use four groups, which 
represent access denial to any Worldwide Corporation server. In each server 
restrictions setting, these groups will be added in the Not access server fields. 

The following table describes the four groups. 



Group Name 


Description 


Deny Access A-F 


Denial for people whose surnames begin with A-F 


Deny Access G-L 


Denial for people whose surnames begin with G-L. 


Deny Access M-R 


Denial for people whose surnames begin with M-R. 


Deny Access S-Z 


Denial for people whose surnames begin with S-Z. 



Before deleting a user from the Domino system, add the user to one of these 
groups. This will ensure immediate denial to any Worldwide Corporation server. 

Note: This is subject to replication of the changes throughout the domain, 
which will take no longer than 60 minutes. 
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Server Configurations and Security... (continued) 



Server configuration plan 



The following table describes the server configuration plan. 



Standard 


Requirement 


Database size quotas 


No database size quotas 


Database names 


No database naming standards 


File system directory 
structure 


Standard directory structure, for example: 

\Domino\Data\Global\HR1 

\Domino\Data\Global\Marketing 

\Domino\Data\Local\Marketing 

\Domino\Data\Local\Dev1 


Groups spanning the 
entire organization 


One group for all server administrators, for example: 
GlobalAdmins 

Groups for specific categories of employees, for example: 
GlobalSales 


Groups at all sites 


A group for each region, for example: 
EastAII (for all Worldwide Corporation employees in East) 
One group for administrators per region, for example: 
WestAdmins (for all server administrators in West) 
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Client Configurations and Security 

Worldwide Corporation has determined configurations for clients, including licensing 
and registration and desktop settings. Client security has been defined using security 
policies, including client IDs and certificates and group access to databases. 



Client licenses 



Client licenses will be: 

■ Notes Client for most users, all generic IDs, and any contractual or 
affiliate accounts 

■ Domino Designer for users who will create, modify, or design databases 

■ Domino Administrator for system administrators 



Client deployment 



Desktop, registration, and security policies will be used to set up users' environments. 

For Internet mail, account documents will be created locally for each mail protocol. 
Mail will be stored in Notes Rich Text format. 

Worldwide Corporation will use policy documents to create and update Location and 
Connection documents on workstations for dial-up users to determine where and 
how to locate the servers. 
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Client Configurations and Security. ..(continued) 



Client IDs and certificates 



The following table describes the policy regarding client IDs and certificates. 



Type 


Policy 


Notes 
client IDs 


■ Certify all IDs using a Domino certificate. 

■ Users responsible for secure or encrypted information, such as 
pricing information to resellers, will hold an Internet (X.509) certificate. 

■ Stored on workstations for all users and encrypted locally. 

■ Copies are kept in a secure location by regional as well as corporate 
administrators. 


Internet client 
browsers 


■ Accept CA certificate as a trusted root. 

■ Store internal signed client certificates for access to secure 
information. 



Group naming for database access 

Groups will be used to determine access to applications. The following naming 
conventions will be used to identify location and type of group: 

region[global]databasenameaccess 

For example: WestCustomerServiceReaders or GlobalPoliciesReaders 
Within groups, names are sorted in alphabetical order. 

File storage 

Client-based data files, such as IDs, Notes.ini, and *.dsk, will be stored on the 
workstation for all users and encrypted locally. 
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Implementing the Deployment Plan 

Implementation checklist 



Complete these tasks to implement the Notes/Domino components of the 
Worldwide Corporation deployment plan. 





Task 


Procedure 


□ 


1 


Set up the first server. 


□ 


2 


Add an administrator's workstation. 


1 — 1 


3 


Set up access to the Domino Directory. 


1 1 

LI 


A 

4 


negisier aominisiraiors. 


n 
LI 


c 
O 


moo urganizauonai unns. 


n 


D 


mqq uommo servers. 


□ 


7 


AHH NntPQ plipntQ 


□ 


8 


Create user nrouns 


□ 


9 


Create organizational policy. 


□ 


10 


Register users. 


□ 


11 


Set administration preferences. 


a 


12 


Set up access to servers. 


□ 


13 


Set up server logging. 


□ 


14 


Synchronize Domino system databases throughout the domain. 


□ 


15 


Add mobile clients. 


□ 


16 


Route mail internally. 


a 


17 


Route mail to the Internet. 


□ 


18 


Set mail controls. 


□ 


19 


Configure the Domino Web server. 


□ 


20 


Set up a certifying authority for SSL and S/MIME. 


a 


21 


Set up Internet protocols for SSL. 


□ 


22 


Set up browser and Notes clients for SSL and S/MIME. 


□ 


23 


Configure Internet messaging servers. 


a 


24 


Set up non-Domino messaging clients. 
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Appendix C ■ IBM Tivoli Analyzer for Lotus Domino 

About the IBM Tivoli Analyzer for Lotus 
Domino 

The IBM Tivoli Analyzer for Lotus Domino includes two integrated system- 
management tools: Server Health Monitor and Activity Trends. Using these tools, 
you can manage servers and databases, ensure better server performance, 
and plan for current and future needs. 

The IBM Tivoli Analyzer for Lotus Domino is a separate product offering from 
Lotus Domino 6 and Tivoli Systems. It requires a separate license to use. 
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Using Server Health Monitoring 

Server Health Monitoring is a method of checking overall and specific status. 
It provides recommendations on configuration changes that will improve the 
performance of the Domino server. Specifically: 

■ Overall server health containing recommendations for corrective actions. 

■ Individual component's health currently affecting server performance and in 
the recent past. 



The process 



The following diagram illustrates the process of setting up and using Server 
Health Monitoring. 



Install the Tivoli 
Analyzer for Lotus 
Domino. 



Enable health 
statistics and reports 
in Administration 
preferences. 



Set the polling 
interval in 
Administration 
preferences. 



Specify server 
components. 



Modify the Warning 
and Critical 
thresholds. 



Generate statistic 
reports. 



Enable statistic 
alarms in 
Events4.nsf. 
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Using Server Health Monitoring... (continued) 



Set the Administration preference 



Follow these steps to set the Administration preference. 



Step 


Action 


1 


Choose File-> Preferences-^ Administration preferences. 


2 


Select Monitoring. 


3 


Select the checkbox labeled Generate server health statistics and reports. 


4 


Select From this computer. 


5 


Enter 1 for Poll servers every 1 minutes. 


6 


Click OK. 



Begin Monitoring Server Health 



Follow these steps to begin monitoring server health. 



Step 


Action 


1 


Click the Server tab-> Monitoring tab. 


2 


Click the Start button. 

Result: The screen becomes editable and the upper left corner of the 
Monitoring tab contains a toggle between two monitor display modes: 

■ By State (the current status) 

■ By Timeline (historical reports) 


3 


Select the By State display mode. 

Result: Once data from servers start appearing, the column labeled Hea will 
include a thermometer icon, indicating the assessed server health. 
Green thermometers indicate healthy servers. A yellow thermometer 
indicates that a server is approaching levels of poor performance. A red 
thermometer indicates that a server is failing to perform acceptably. 


4 


Select the By Timeline display mode to show the list of servers. 


5 


Click the triangle next to your server to see results presented as indices from 
Oto 100, 100 meaning critical. 
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Using Server Health Monitoring.. .(continued) 




View the reports 



An administrator can see an assessment and recommendation for each of the 
components that comprise server health. Follow these steps to view Reports with 
more detailed information about the health of the server. 



Step 


Action 


1 


Choose Monitoring^ Display Health Reports. 

Note: If the About This Database document appears, choose File->Close to 
close the document. 


2 


In the Current Reports view, click the triangle next to your server. 
Result: This displays a snapshot assessment of the current server health. 


3 


Double-click to open the Overall Health document (at top). 
Result: This document lists the following: 

■ An explanation of the server's health rating. 

■ Recommendations for improving server health, if applicable. 


4 


Click Close after examining the Overall Health document. 


5 


Select the Historical Reports view and expand your server. 

Result: This view displays a history of server health over time. Each Overall 
Health document contains recommendations for improving server health. 



By default, historical reports are purged from the StatRep.nsf database after 
seven days. This default value can be changed using the following setting in the 
Notes.ini file: 



HEALTH_REPORT_PURGE_AFTER_N_DAYS=n. 
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Using Server Health Monitoring... (continued) 



Remove a server component 



An administrator can change the output of health reports by adding or removing 
server components. For example, the administrator might know of a current 
system limitation, such as an underpowered CPU that already has a replacement 
on order, so he does not want to have it appear in reports. The administrator can 
exclude CPU performance information from the health assessment and report for 
that particular server. 

Follow these steps to prevent the monitoring of particular Health components. 



Step 


Action 


1 


Select the Server Components view. 

Result: This view shows which Health components are currently selected for 
monitoring on each server. 


2 


Open the document for your server. 


3 


Click Override Automatic Selections. 

Result: The document is in edit mode so you can deselect components that 
do not require monitoring. 


4 


Click Cancel. 



Change health monitoring thresholds 

An administrator may want to lower a threshold so that a poor-health rating is 
triggered. For example, she may know that the company's machines all need a 
memory upgrade within a year therefore she wants plenty of advance notice 
before critical issues come up so there is enough time to order the memory. 

Follow these steps to change Thresholds by platform. 



Step 


Action 


1 


Select the Index Thresholds view. 


2 


Click the triangle next to any platform not used in class to expand the list. 


3 


Highlight Memory Utilization and click Edit Threshold Document. 


4 


Change the field labeled Warning Threshold to a lower value. 


5 


Click Restore defaults. 

Result: The thresholds are restored to the default values. 


6 


Click Cancel. 
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Using Activity Trends 

Activity Trends collects activity statistics on a Domino server and aids 
administrators with preventative maintenance that helps avert current and future 
server performance problems. 

Activity Trends has three components: 

■ Data Collection - performed by the activity trends server task. 

■ Data exploration - through a user defined chart of statistics at the server, 
database, or user level. The statistics can be for a single server or group 
of servers. 

■ Resource balancing - analyzes server resource utilization and provides 
recommendations for balancing the servers based on predefined 
resource goals. 



The process 



The following diagram illustrates the process of setting up and using Activity Trends. 



Enable Activity Enable Activity 

Monitoring in the Trends In the 

Configuration ^ Configuration 
Settings document Settings document. 



















Evaluate the current 
load on each server 
or groups of servers. 




Develop a resource 
balancing plan. 


► 


Enable the Domino 
Change Manager. 




— ► 


► 







Install the Tivoli 
Analyzer for Lotus 
Domino. 
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Using Activity Trends.. .(continued; 



Configuring activity trends 



In the Configuration Settings document^Activity Logging tab, there are two 
sub-tabs: Activity Logging and Activity Trends. 

■ Activity Logging sub-tab: Determines how frequently to log activity session 
data. The frequency interval is called a checkpoint. 

■ Activity Trends sub-tab: Controls the collection timing of activity data for 
trends analysis. The following table describes these fields. 



Field 


DpQprintion 


Enable activity trends collector 


Select Yes to run the Activity Trends Collector 
task. This is required for the Advanced 
Monitorinn tool 

iviv^i iilwi ii iy iuui. 


Activity trends collector 
database path 


The name of the database where Activitv 
Trends data is stored. 


Time of day to run activity 
trends collector 


Enter a time. Schedule the Activity Trends 
Collector to run after the Catalog task completes. 


Days of the week to collect 
observations 


Select the days to collect observations. 

An observation period is 24 hours from midnight 

to midnight. 


Trends cardinal interval 


Determines how many recent observations to 
weight more heavily than older observations. 
For example, entering 5 in this field causes the 
five most recent observations to be weighted 
more heavily than previous observations. 


Observation time bucket 
(seconds) 


Default is 300 seconds (5 minutes). The day is 
divided into 5-minute blocks of time to show 
when the activity occurred. 


Maximum observation list time 


Default is 366 (1 year + 1 day or 1 leap year). 
Amount of data that is kept in the Trends 
database before it is overwritten with new data. 


Trends history interval 


Select the desired frequency. 
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Using Activity Trends...(continued) 




Follow these steps to create a server group and set up statistics. 



Step 


Action 


1 


In the Configuration Settings document, enable Activity Logging and 
Activity Trends for either: 

■ Your server 

■ [All Servers] 

IiUIC. III Ul Ucl IU ItillltJVt? aUllVlly Udld, MUUVIly 1 1 til lUo IIIUol Ut? tJllaUltJU IUI al 

least one 24 hour period, midnight to midnight. 


2 


Click Server tab-> Performance tab. 


3 


Click Activity Trends-^ Latest-^ Database. 


4 


Click the plus sign under Saved server group configurations. 


5 


Select your server and click Add. 


6 


Select a different server and click Add. 


7 


Click Done. 


8 


Click u 1 and choose Save as. 


9 


Enter a descriptive name for the server group and click OK. 


10 


Click the plus sign under Saved statistics groups. 

Result: A list of database statistics appear. 


11 


Use the far left column in the dialog box to select the following statistics: 

■ BytesFromServer 

■ Connects 

■ DiskSpaceFileSizeGrowthRate 

■ Users 


12 


Click ."^Hi and choose Save as. 


13 


Enter a descriptive name and click OK. 
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Using Activity Trends m (continued) 



Evaluating sever statistics 



Follow these steps to evaluate server statistics. 



Step 


Action 


1 


On the Activity Trends screen, click the color-coded blocks under Sort in the 
upper right. 

ncauiii i i ic \j\ idi i uai o appeal ii i ucouci iuii ly oui i ui uci uaocu kji i ii ic vaiuco 

of the selected statistic. 


2 


Click one of the gray blocks under Type, then click it again. 

Result: The chart toggles between displaying the trend and the last 
observation. 


3 


Click one of the gray blocks under Period, then click it again. 

Result: The chart toggles between displaying the trend for the prime 
observation period and the trend for the 24-hour period. 


A 

4 


In the chart, mouse over each bar for one database. 
Result: A pop-up message box displays the following: 

■ The server and database name 

■ The trended value of the statistic 

■ An instruction to click the bar to see users who have used this database 


5 


In the Navigator pane, click Resource Balancing. 

Result: The automatic Resource Balancing interface appears 


6 


Click Current Profile and mouse over the bar. 

Result: A pop-up message box displays the following three components: 

■ The red component is the sum of transactions on the databases on that 
server that are in the top 30% of load in the system. 

■ The green component is the middle 30 to 70%. 

■ The blue component is the lowest 30%. 



For more information on using Predictive Analysis and Resource Balancing, 
please see the following documents in IBM Lotus Domino Administrator 6 Help: 

■ IBM Tivoli Analyzer for Lotus Domino 

■ Activity Trends 

■ Understanding how Activity Trends collect data 

■ Domino Change Manager 
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Using Activity Trends... (continued) 



Exploring the Activity Trends database 



The Activity Trends database records statistics on the activity of users (clients) 
against the databases on the server. Follow these steps to examine the Activity 
Trends database, and answer the questions. 



Step 


Action 


1 


From Domino Administrator, click the Server tab~^ Analysis tab~^ 
Activity Trends view. 


2 


The names of the three main categories in the Navigator pane are: 

■ Trends 

■ Observations 

■ History 


3 


In the Trends category, select the Users section-^ Connections view to see 
which databases have had the most activity (indicated by the green diamonds). 


4 


Select the History category. The difference between the Users view and the 
Prime Shift view is: 

■ Users: Trends during all times 

■ Prime Shift: Trends during peak hours as defined in the Configuration 
Settings document. 


5 


Select the Observations category^ Databases section->lnventory view to 
observe which databases should be compacted (% used less than 90%). 
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About This Appendix 

This appendix includes the additional features of IBM Lotus Notes and Domino 6 
that are not covered in the course, but may be useful as background information 
for those students who have not yet attended the Administering IBM Lotus 
Domino 6: Building the Infrastructure course. For complete details, refer to Lotus 
Domino Administrator 6 Help and the Administering IBM Lotus Domino 6: Building 
the Infrastructure course. 

This appendix contains the following topics: 

■ Facts about the Administration Process 

■ Server administration levels 

■ Policy management 

■ Differences in Notes/Domino 6 and Notes/Domino 6.0.1 

■ Server crash problem resolution and recovery 

■ Regional Organizational Unit certifiers for users 
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Administration Process 

The Administration Process is a program that automates administrative tasks. 

Examples 



The Administration Process automates the following types of tasks described in 
the table below. 



Task 


Examples 


Name-management 


■ Rename person 

■ Rename group 

■ Delete person 

■ Delete group 

■ Delete server name 

■ Recertify users 

■ Store Internet certificate 


Mail file-management 


■ Delete a mail file 

■ Move a mail file 


Server document-management 


■ Store CPU count 

■ Store platform 

■ Place network protocol information in 
Server document 


Roaming user management 


■ Roaming user setup 

■ Move roaming users 

■ Change a non-roaming user to roaming 

■ Change a roaming user to non-roaming 


User mail file management 


Store user's Notes version and client platform 
information 


Replica management 


■ Create replica 

■ Move replica 

■ Delete replicas 
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Administration Process... (continued) 



Components of the Administration Process 



Maintaining the Administration Process requires monitoring key components. 
The following table lists the components of the Administration Process. 



Component 


Description 


Administration 
Process task 


Posts and responds to requests in the Administration Requests 
database. Replicas of the Administration Requests database 
distribute requests made on one server to other servers in the 
domain or distributes mail requests to servers in other domains. 


Administration 
Server 


Server responsible for completing the Administration 
Process request. 


Administration 
Requests database 
(Admin4.nsf) 


Every server in the domain stores a replica of the Administration 
Requests database. 

If the Administration Requests database does not exist, 
the server creates a replica stub of the Administration Requests 
database and waits for it to be initialized from the Administration 
Server in the domain. 


Certification log 
(CertLog.nsf) 


The Administration Process requires the database to perform 
name changes and recertifications. 

This log contains a permanent record of how servers and users 
are registered, including information about the certifier ID. 
The Certification log also contains messages that describe the 
results of recertification requests that the Administration Process 
is processing. 
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Administration Process...(continued) 



Administration Process best practices 



The following are recommendations for using the Administration Process effectively. 

■ Administration Process (AdminP) task: 

■ Do not initiate Administration Process requests from the server console 
unless immediate action is required. 

■ Verify that the requestor has access to do manually what he is requesting 
through the Administration Process. 

■ Administration Requests database (Admin4.nsf): 

■ Select the Pending Administrator Approval view. 

■ Select the Errors view. (Reasons are detailed in the Error document.) 

■ Verify that all Certificate documents, with the appropriate key, replicate to all 
Domino Directories in the domain. 

■ Replicate the Domino Directory and the Administration Requests database 
with all servers in the domain on regularly scheduled intervals. 
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Creating Regional Organizational Unit 
Certifiers for Users 

Creating an Organizational Unit certifier 



Follow the steps below to create an Organizational Unit certifier. 



Step 


Action 


1 


From Domino Administrator, select the server to administer. 


2 


Click the Configuration tab. 


3 


From the Tools pane, choose Registration^ Organizational Unit. 


A 

4 


In the Choose a Certifier dialog box, perform the following; 

a. Click Server, select the appropriate server, and click OK. 

b. Select Supply certifier ID and password. 

c. Click Certifier ID, select a certifier ID file, and click Open. 

d. Click OK. 


5 


Enter the certifier ID password, and click OK. 


6 


On the Certifier Recovery Information warning, click OK. 


7 


On the Register Organizational Unit Certifier dialog box, perform the following: 

a. Click Registration Server, select a registration server, and click OK. 

b. Click Set ID File, enter the new certifier ID file name, and click OK. 

c. Enter the Organizational Unit name. 

d. Select a Password quality, and enter a certifier password. 

e. Enter the name of an administrator or group of administrators to receive 
certification requests. 

f. Click Register. 


8 


Click OK. 
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Distributing Administrative 
Responsibilities 

Notes/Domino 6 permits assigning different levels of administrator access to 
different groups of administrators. This places tighter controls on what tasks 
administrators can perform on a particular server. 



Administration levels 



The following table outlines administration levels and the associated rights found 
in the Server document-^ Security tab-> Administrators section. 



Server Document 


Description of Access 


Restricted System 
Administrator 


Can issue restricted subset of OS commands defined in the 
Restricted System Commands field. 


System Administrator 


Can issue any OS command using the Domino Server 
Controller. 


View only 
Administrators 


Same access as System Administrator, plus issue a safe 
subset of server console commands that do not affect server 
operation. For example, Show Tasks. 


Full Remote Console 
Administrators 


Same access as System Administrator, plus issue any server 
console command. 


Database 
Administrators 


Same access as Full Remote Console Administrators, 
plus perform database maintenance tasks such as: 

■ Specify the administration server for a database. 

■ Create, compact, and delete databases. 

■ Maintain full-text indexes, folder, database and directory 
links, and certain database options. 


Administrators 


Same access as Database Administrators, plus: 

■ Track mail messages. 

■ Use the Domino Web Administrator. 

■ Create databases, replicas, and master templates. 


Full Access 
administrators 


Same access as Administrators, plus: 

■ Manager access to all databases on the server 

■ All programmability rights 

■ All passthru rights 

Note: This level is similar to root level access on UNIX. 
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Distributing Administrative Responsibilities. ..(continued) 



Best practices for Full Access administrators 



This level is required only for exceptional system maintenance and problem 
resolution. This access level should only be given to trustworthy people who truly 
need access to all databases on the server. Given the powerful level of access 
that this setting allows, the following table lists recommendations for this field. 



Recommendation 


Description 


Leave the field blank 


No administrator has Full Access rights. 


Create a special Full Access 
administrator ID file 


For example, create an ID for Full Admin/ 
Sales /wwcorp and use that name in the Full 
Access administrators field. Consider requiring 
multiple passwords on this ID file. 
Administrators must login with or switch to this user 
ID to gain this level of access. 


Disable Full Access 
administrators in the Notes.ini file 


Set SECURE„DISABL E_FULL ADMIN = 1. 

This causes the server to ignore any values in the 
Full Access administrators field in the Server 
document. When access is required, remove the 
line from the file and restart the server. 
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Policy-Based Management 

Policies can control many user and administrative functions. An administrator can 
enforce Notes/Domino policies of various types and apply them to various 
groupings of users. 



Key concepts regarding Policies 



Here are key concepts to understand regarding Policy management: 

■ A policy is the Policy document and its associated Settings documents. 
Each Policy document contains pointers to selected settings documents. 
This combination of the Policy document and its Settings documents is what 
constitutes one policy. 

■ A policy can be either: 

■ Organizational, meaning it applies to an organization or an OU. 

■ Explicit, meaning it applies to specific users and may include users from 
different OUs. 

■ Policies can apply to various sets of users. They can apply to an entire 
organization, an OU, a group of users, or even one user. Multiple policies can 
apply to the same user and these can contain a contradictory value for the 
same setting. A precedence system determines which setting a user gets. 

■ In general, a policy that is more specific to a given user takes precedence 
over a more general policy. For example, settings in an explicit policy take 
precedence over the corresponding settings in an organizational policy. 

■ An Administrator can change this precedence scheme by selecting Inherit 
or Enforce for individual settings. An Administrator can also make the 
entire policy an Exception policy, meaning that its settings will take 
precedence over corresponding settings in all ancestor policies. 
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Policy-Based Management.. .(continued) 



What are Settings documents? 



There are numerous settings an administrator can specify in five types of Policy 
Settings documents. The following table shows examples of settings in each type 
of Settings document. 



Tvoe of Sett in as 
Document 


Dp^criotion 


Registration 


Specifies default settings on the User Registration 
dialog box. 


Setup 


Specifies numerous types of settings to implement during 
workstation setup. 


Desktop 


Specifies numerous types of settings to implement on an 
ongoing basis. For example: 

■ A custom corporate Welcome Page 

■ Smart Upgrade options 


Archiving 


Specifies what documents or attachments to archive from 
mail files and where to place the archive. Server-to-server 
archiving can archive all mail files to central server. 


Security 


Specifies controls on Notes and Internet passwords, 
as well as the Execution Control List (ECL). 
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How to Create a Settings Document 



A corporation may have several Settings documents of each type: Archiving, 
Desktop, Registration, Security, and Setup. For example, with de-centralized 
administration, each region of a corporation would need different: 

■ Registration Settings documents to specify a local Registration server and 
regional Organizational Unit certifier. 

■ Desktop Settings documents to specify standard databases on local servers. 



Creating a Settings document 



Follow these steps to create a Settings document. 



Step 


Action 


1 


From Domino Administrator, click the People & Groups tab-> 
Domino Directories section-^ Your Directory section^ Settings view. 


2 


Click Add Settings, then choose the type of Settings document from the 
drop-down menu. 


3 


If prompted, click Yes if all servers are running Release 4.67a or higher. 


4 


For Name, enter a descriptive name to easily identify the purpose of this 
Settings document. 


5 


Complete the appropriate fields on the tabs specific for the selected Settings 
document type. For complete details on each tab and field, refer to pop-up 
field help or the Lotus Domino Administrator 6 Help topic Creating policies. 


6 


Click Save & Close. 
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How to Create a Policy Document 



Most users in the organization will have the same settings, for example, a strong 
password quality. An Organizational policy enforces this strong password quality 
setting during user registration. If certain users do not need a password, an Explicit 
policy can override the password setting. 



fe^X Creating a policy 



Follow these steps to create a policy. 



Step 


Action 


1 


From Domino Administrator, click the People & Groups tab-> 
Domino Directories sectio n -> Vbur Directory section-* Policies view. 


2 


Click Add Policy. 


3 


If prompted, click Yes if all servers are running Release 4.67a or higher. 


4 


For Policy Name, enter the organization name (or Organizational Unit name). 


5 


For Policy Type, select either Explicit or Organizational. 


6 


For the Registration field, do one of the following: 

■ Select an existing Registration Settings document. 

■ Click New in that row to create a new Registration Settings document. 
Refer to the Creating a Settings document procedure earlier in this section. 


7 


Repeat Step 6 to complete the following fields: 

■ Setup 

■ Archiving 

■ Desktop 

■ Security 


8 


Click Save & Close. 
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Applying a Policy to Users 



Settings are applied statically or dynamically depending on the type of settings. 



Static vs. dynamic settings 



Below are examples of the difference between static and dynamic settings. 
Static Settings 

■ Set during user registration as highlighted in the following figure. 



8 mmct Ptovids name, pewword and other bsttc infoin>ation for the new person To view/eoSt 
additional regisfcf afon settings,, check the Advanced 1 checkbox below. 



First name. 



Middle name La* name. 



] 10 Into , 



F Advanced 



|d5u6ile2w3 [Tc 



[7 Create a Notes forth* 



E:«p*cit pofcy. 
LoUj-] lotei | /Optional Patiwoid 



|Haiti: 



Short nam 

|WHaiin 



Organization policy: 
VWWGotp 



"3 



jjeyjPw^«lJ pMigetePeopte... j F Import Teat Fie . H [y| [x'| 

Rej^Jtretion Queue (local): 

J_*>jRcgi strain Status - 



a 



Note: Click Policy Synopsis to see a summary of what settings will be 
applied to the user based on the selected policies. 



(continued on next page.. .) 
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Applying a Policy to Users... (continued; 



Static vs. dynamic settings... 



Set during workstation setup. The following figures show a Setup Settings 
document and the corresponding fields in a user's Location document that are 
set during initial workstation setup. 



Setup Settings : Standard Worldwide Setup 

jBtaicsjj Databases | Dial-up Connections | Accounts | Name Servers | 



Name: 



Standard Worldwide Setup 

Standard settings for all WWCorp employees 



Description: 



Setup Policy Option* 
far Bttirvprt . 



Catalog/Domain Search server: SearchOI /SVR/WWCorp 
Demi no Directory server Hu bl SVR/WWCorp 

Sametime server: stQl s'-y.piE com 



Location: Office (Network) 

Basics |(Seryefsj| Ports | Mail | Internet Browser 





Home/mail server: 


EastOI /SVR/WWCorp 


Passthru server: 


Catalog/domain search 
server: 


SearchOI /SVR/WWCorp 


Domino directory server: 


Hub/SVR/WWCorp 


Sametime server 


st 01 .wwcorp.com 



Dynamic Settings 

■ Set dynamically when the user authenticates with a server in the domain. 
For example, the Desktop Settings document contains many of the same 
settings as the Setup Settings document so that these settings can change 
dynamically whenever a user authenticates with the server. If a user changes 
one of the desktop settings, it will change back to the value specified in the 
Desktop Settings document, at the next authentication. 
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Viewing Policies and Assigning Policies 
to Existing Users 

There are various methods to assign explicit policies and view the effective policy 
of existing users. The effective policy is the combined collection of settings from 
different policies that apply to a user. 



Assigning an explicit policy to existing users 



The Tools pane in Domino Administrator provides two methods to assign an 
explicit policy to an existing user. Both methods set the explicit policy in the 
Person document(s): 

■ In the People view, by choosing Peopled Assign Policy 

■ In the Groups view, by choosing Groups^Assign Policy 

Displaying an effective policy for existing users 



There are two methods to display effective policies: 

■ In the People view, by selecting a Person document and choosing 
Policy Synopsis. 

■ On the Configuration tab, by selecting either: 

■ Polices^by Settings view 

■ Polices^by Hierarchy view 

Additional resources 

For more information on policies, refer to the following resources: 

■ The Administering IBM Lotus Domino 6: Building the Infrastructure course 

■ Lotus Domino Administrator 6 Help topics 

■ Policies 

■ Organizational and explicit policies 

■ Policy hierarchy and the effective policy 

■ Planning and assigning policies 

■ Crea ting policies 

■ Managing policies 
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Point Release Changes 

This course was developed and tested using IBM Lotus Domino 6.0.1. If using 
IBM Lotus Domino 6, you will notice some changes in the user interface, many of 
which are noted throughout this guide. 



Domino Directory outline view 



The Domino Directory outline view changed in Domino 6.0.1 . to match more 
closely the organization of documents on the Domino Administrator Configuration 
tab. Below are examples of the Domino Directory outlined in both releases. 



Domino Directory Outline 6.0 



Domino Directory 



+ 1 People 

IB III Groups 
G3 S3 Policies 
S H? Servers 

| IS Certificates 

II) Clusters 

$• S3 Configurations 

S3 Connections 

p-iU Deny Access Groups 

13 Directory Servers 

r-iHJ Extended Directory Cat 
(IS Domains 

I SU External Domain Netwi 

File Identifications 

S3 Holidays 

SB Internet Sites 

IS) Licenses 
~-[H3 Mail Users 
$-(11] Mail-In Databases and 
(IS Networks 

H3 Programs 

(IS Servers 

HE Setup Profiles 

H Web Configurations 
S3 V3 Stats and Events 



VAv'Corp's Directory 



Domino Directory Outline 6.0.1 



Domino Directory 



S ^ People 

® liliGroups 
S B& Configuration 
S- OQServers 

JH All Server Documents 
S - 33 Configurations 
23 Connections 
H3 Programs 
33 External Domain Netv 
©~I|j£ Messaging 
Q Replication 
(IjJ Directory 
3 Policies 
$?>Web 
® Clusters 
1B3 Certificates 
LJ Miscellaneous 



WW Co rp ' s D i r e ct o ry 
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Troubleshooting a Server Crash 

The following checklists contain information that you should collect in the event of 
a server crash. Lotus Support Services will require this information when needing 
assistance in troubleshooting a server crash. 



Collecting system information 



Follow these steps to collect the necessary system information. 





Step 


Action 




1 


Collect the following system information: 






■ Network type and version; network protocol(s) and version(s) 






(including file dates) 






■ Server hardware 






■ Operating system version 






■ System-level patches 






■ Domino server version 






■ Names of API programs and tasks, gateways, backup programs, 






executable scripts, third-party programs, and so on 




2 


Note changes to these elements of the Domino environment. If possible, 






revert to the previous configuration to see if the problem still occurs: 






■ Network changes (new Router or upgrade to network software or firmware) 






■ Network interface card (NIC) changes (new NIC, or old NIC software 






driver and new operating system) 






■ Operating system changes (upgrade of operating system or new patch) 






■ Domino changes (upgrade to a new release of Domino or migration of 






new users) 






■ Other hardware or software changes 
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Troubleshooting a Server Crash...(continued) 




Reviewing crash files 



Follow these steps to review crash files. 



otep 


Action 


A 
1 


it a NoU log or unix uuhc Tile was created. 

■ Verify the time and date of the file. This should coincide with the time and 
date of the crash. 

■ Rename and save the NSD log or UNIX CORE file so that Domino does 
not overwrite it during a future crash. 

Note: If a crash does not produce a NSD log or UNIX CORE file, the server 
may be out of disk space or memory. Generate a Memory.dmp to resolve 
memory problems. 


2 


Check the Miscellaneous Events view in the Domino Server Log. 

■ Record all entries that occurred immediately before and after the crash. 

■ Look for an NSF file in the entry. This file may indicate where the crash 
occurred. If a particular database appears to have caused the crash, 
check the replication history of that database for additional information. 


3 


Make a copy of the Notes.ini file. 


4 


Collect these Configuration files: 

■ NetWare 

■ Net.cfg 

■ Autoexec. ncf 

■ Startup, ncf 

■ Windows 

■ Windows diagnostics file 


5 


Check the Lotus Support Services Web Site at http://www-3jbm.com/ 
software/fotus/support/ for anv error messaaes found or other problem 
resolutions. 
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Troubleshooting a Server Crash...(continued) 



Documenting crash information 



Follow these steps to document crash information. 



Step 


Action 


1 


If possible, capture the last screen displayed on the console. 

Note: Press Alt+ Print Screen on Windows systems to capture the 
server console window. 


2 


If the last message on the console starts with the word Panic, record the 
entire message for Lotus Support. 


3 


To review information about the server crash, click the Server tab-> 
Analysis tab->Domino Server Log section-> Miscellaneous Events view. 



Eliminating potential causes 



To eliminate specific tasks or ports suspected to be the problem, open the 
Notes.ini file in any text editor, and remove server tasks and ports from the 
following lines for the purposes of troubleshooting: 

■ ServerTasks 

■ ServerTasksAt 

■ Ports 

■ DisabledPorts 
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Analyzing a Crash File 

Notes System Dump (NSD) files can help determine the cause of a server crash. 
A program called NSD (Nsd.exe for W32 platforms, Nsd.sh for Unix platforms) 
creates a crash file in the Domino data directory. The file contains information about 
the tasks running when the crash occurred as well as general system information. 

This is just a brief look at a crash file. Analyzing an NSD log file is a lengthy and 
detailed subject requiring extensive knowledge of the Notes/Domino architecture. 



Sample NSD log file 



This sample NSD log file occurred after a server crash as a result of storing 
multiple replicas of a database on one server in a cluster. The server crash 
occurred regularly, in various server processes, and was sometimes 
accompanied by one of the following memcheck errors in the NSD output. 

ERROR: Unaligned VBLOCK BLK_NSF_POOL [27 , 33 67] 

ERROR (31) : Invalid POOL (0x0252) free size 187 @936944 

############################################################### 
############ thread 16/47 :: server, pid=909, lwp=16 ########## 
############################################################### 

[I] eef39afc lwp_cond_wait (ed7fl0a0, ed7fl088, ed7fl078) 
[2] ef7910e4 _ti_sleep (le, 41, 6cl5c, 0, 0, 0) + b4 

[3] ef077420 fatal_error (a, ef65ef84, ef654d8c, ed7fll60, 
ed7fle84, ed7fle3c) + 29c 

[4] ef79006c sigac thandler (a, ed7fl738, ed7fl480, 28, 
ed7fle84, ed7fl3e0) + 658 

[5] ef07b0ec OSLockWriteSem (eac51bbb, 11, 38d, eaaddf48, ld7f, 
3) + 20 

[6] ef201298 BUFDbFlush (eaef4198, ffff, ef739008, ef7387f8, 
ea6e2d24, eaef4554) + 128 

[7] efla0b8c DbFlushExtended (eaef4198, 0, 0, ef654d8c, 0, 0) + 
3c0 

[8] efl72350 FlushDB (0, ed7fla4c, 266, 1, efl722f4, ed7flac8) 
+ 5c 

[9] efl71ec4 StateMachine (ecfa4510, ef664cd4, ef664cc4, 
ef664cc8, ef664cd0, 1) + IdO 

[10] efl6fb74 DbAgeDbCache (ecf9eeb8 ; 1, ef7387f8 ; ef73a68c ; 
ef654d8c ; ecf9eec4) + 430 

[II] efl6f710 NSFProcessDbCache (0, ef73a68c, 37, 7cb38, 
ee004e00, 0) + cc 

[12] 00028258 DbCacheTask (d920 ; 1, d920 ; 1, 77800, ee002ab8) + 
IcO 

[13] 0001f20c Scheduler (0, 77b34 ; fcOO, 7718c ; 2, ffff) + lec 
[14] ef08c208 ThreadWrapper (0, lf020, 0, 70646e65 ; 0, 0) + 6c 
[15] ef7925dc _thread_start (0, 0, 0, 0, 0, 0) + 340 
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Analyzing a Crash File...(continued) 
Important information in the crash file 

The crash file contains a lot of important information, such as: 

■ The server task where the crash occurred, in this case, "server" 

■ Error messages 

■ A "fatal_error" code 

Lotus Support will require this information to help troubleshoot the server crash. 
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E ■ 2 



Administering IBM Lotus Domino 6: Managing Servers and Users 



Appendix E ■ Bibliography 

General References 



Redpapers 



Refer to the following Redbooks/Redpapers available on 
http://www.redbooks.ibm. com : 

■ Upgrading to Domino 6: Performance Benefits 

■ Upgrading to Lotus Notes and Domino 6 



LDD Today articles 



Refer to the following LDD Today articles available on the Lotus Developer 
Domain Web site at http://www-10.lotus.com/ldd . 

■ What's cool about the Notes/Domino 6 Ul 

■ Early adoption of Notes/Domino 6 at IBM 

■ A sampling of new Domino 6 variables 
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References for Lesson 1: Managing 
Users and Groups 

Shared mail 



For more information on shared mail and unlinking shared mail files, refer to the 
following Lotus Domino Administrator 6 Help topics: 

■ Shared mail overview 

■ How shared mail works 

■ Setting up shared mail databases 

■ Managing a shared mail database 

Administration Process 



For more information on configuring the Administration Process, refer to the 
following Lotus Domino Administrator 6 Help topics: 

■ Setting up the Administration Process 

■ The Administration Process 



Requesting a name change 



Users can request a name change via e-mail. The name change is completed via 
mail actions by the administrator and the user. For more information, refer to the 
Lotus Notes 6 Help topic Requesting a new User Name. 

Delegating mail access 



For information on delegating mail, refer to the Lotus Notes 6 Help topic 
Delegating access to your mail database. 

Using alternate an language/name 



For information on using an alternate language/name, refer to the Lotus Domino 
Administrator 6 Help topic Adding an alternate language and name to a user ID. 
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References for Lesson 2: Managing 
Notes and Non-Notes Clients 

Using trusted directories to authenticate users 



Web users must be listed in the Domino Directory or a trusted directory in order to 
access restricted resources on the Web server. 

Refer to the Lotus Domino Administrator 6 Help topic Directory Assistance for 
more information on setting up Directory Assistance to authenticate via a 
trusted directory. 
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References for Lesson 3: Managing 
Servers 

Backup utilities 



Backup utilities are available for Domino 6. For more information on backup 
utilities, refer to the following Web sites: 

■ Lotus Developer Domain, htt p://www-1QJotus.com/ldd 

■ IBM Tivoli Software, http://www.ibm.com/software/tivoli 

Transaction logging 



Refer to the LDD Today articles available on the Lotus Developer Domain Web 
Site at http://www-1 0. lotus.com/ldd : 

■ Assessing the impacts of new transaction logging features 

■ More on Domino 6 transaction logging 

Running Fixup 



For more information on when to run Fixup, refer to Technote 183377 
When Should FIXUP Be Run on a Database? on the Lotus Support Services 
Web Site, http://www-3.ibm.com/software/lotus/support/ . 

Activity logging and Activity Trends 

For more information about activity logging information, refer to the Lotus Domino 
Administrator 6 Help topic The information in the log file. 

Refer to Appendix C: IBM Tivoli Analyzer for Lotus Domino for more information. 

Note: IBM Tivoli Analyzer for Domino is a separate product and requires a 
separate license. 

Automating server tasks 



Refer to the following Lotus Domino Administrator 6 Help topics for complete 
details on command line options for the Updall and Compact server tasks: 

■ Updall options 

■ Compact options 
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References for Lesson 4: Updating 
Servers 

Cross-certification 



For more information on cross-certification, refer to the following Lotus Domino 
Administrator 6 Help topics: 

■ Issuing cross-certifies tes 

■ Examples of cross-certification 

Authenticating with another organization 



For more information on the methods for cross-certification, refer to the 
references in the following table. 



Cross-certification Method 


Lotus Domino Administrator 6 Help Reference 


Cross-certifying by electronic mail 


Adding a Notes cross-certificate for IDs by 
Notes mail 


Cross-certifying by disk media 


Adding a Notes cross-certificate for IDs by 
postal service 


Cross-certifying at the time of 
connection 


Adding a Notes or Internet cross-certificate 
on demand 



Decommissioning a Domain Search server 



For more information, refer to the Lotus Domino Administrator 6 Help topic 
Decommissioning a Domain Search server. 
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References for Lesson 5: Setting Up 
Server Monitoring 

LDD Today articles 

Refer to the following LDD Today articles on the Lotus Developer Domain Web site, 
http://www-1 0.lotus.com/ldcl : 

■ Start using Domino 6 Server Health Monitoring now! 

■ Jim Rouleau on Domino 6 server availability 

■ Rules-of-thumb for monitoring Windows NT/2000 and Domino statistics 

■ The new Domino 6 NotesBench workloads: Heavier by request! 

■ Analyzing system resources with platform statistics 
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References for Lesson 6: Monitoring 
Server Performance 

Using Domino Web Administrator 



Refer to the Lotus Domino Administrator 6 Help topic Administrator roles in the 
Web Administrator for more information on using roles to limit an administrator's 
access in Domino Web Administrator. 



Additional resources 



For more information on monitoring server performance, refer to the following 
Lotus Domino Administrator 6 Help topics: 

■ Tools for measuring server performance 

■ Improving Domino server performance 

■ Improving Database and Domino Directory performance 

■ Server. Load 



LDD Today articles 



Refer to the following LDD Today articles on the Lotus Developer Domain Web site, 
http://www-1 0.lotus.com/ldd : 

■ Agent variables 

■ Domino 6 performance features 

■ Domino 6 performs! 
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References for Lesson 7: Resolving 
Server Problems 

Solving server access problems 



Use any of the following additional resources: 

■ View the Domino Server Log (Log.nsf) for error messages and problems. 

■ Refer to the following topics in Lotus Domino Administrator 6 Help: 

■ Checking the Domino Directory for errors that affect server access 

■ Checking the server ID for a problem that affects server access 

■ Lookup any error messages on the Lotus Support Services Web Site at 
http://www-3.ibm.com/software/lotus/support/ . 

Solving Administration Process problems 



Use any of the following additional resources: 

■ Check the following views in the Administration Requests database for 
possible reasons the request failed: 

■ All Errors by Date 

■ All Errors by Server 

■ Refer to the following topics in Lotus Domino Administrator 6 Help: 

■ Administration Process - Problems and error messages 

■ How to troubleshoot the Administration Process 

■ Administration request messages 

■ Look up any error messages on the Lotus Support Services Web Site at 
http://www-3.ibm.com/software/lotus/support/ . 
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References for Lesson 7: Resolving Server 

Problems... (continued) 

Solving connection problems 



Use any of the following additional resources: 

■ View the Domino Server Log (Log.nsf) for error messages and problems. 

■ Refer to the following documents in Lotus Domino Administrator 6 Help: 

■ Modems and remote connections - Troubleshooting 

■ Network connections over NRPC -- Troubleshooting 

■ Network dialup connections - Troubleshooting 

■ From the Lotus Developer Domain Sandbox Web site at 
http://www-10.lotus.com/ldd/sandbox.nsf : 

■ Download the Notes Connect diagnostic tool, NPing.exe, or the Java-based 
diagnostic tool, JPing.exe. 

■ Refer to the LDD Today article titled Testing TCP/IP connection with 
NotesCONNECT. 

■ Look up any error messages on the Lotus Support Services Web Site at 
http://www-3.ibm.com/software/lotus/support/ . 

■ If recent changes to a server include host name, IP address, or port names, 
it may be necessary to clear some system fields in the Server document. 
Refer to the following technotes on the Lotus Support Services Web site: 

■ How to Disable Server Cache of the Last Known Address 

■ Where are Server Addresses Cached in Notes and Domino? 
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References for Lesson 7: Resolving Server 

Problems. ..(conf/nuecty 

Solving Agent Manager problems 



Use any of the following additional resources: 

■ Set the Notes.ini file setting (Log_AgentManager=1), then view the Domino 
Server Log (Log.nsf) for error messages and problems. 

■ View the Agent Log for a particular agent. 

■ Refer to the following topics in Lotus Domino Administrator 6 Help: 

■ Tools for troubleshooting Agent Manager and agents 

■ Agent manager and agents -- Problems and error messages 

■ Refer to the Lotus Domino Designer 6 Help topic Security for agents on 
servers and the Web. 

■ Look up any error messages on the Lotus Support Services Web Site at 
http://www-3.ibm.com/software/lotus/support/ 

■ Refer to the LDD Today article titled, Troubleshooting agents in 
Notes/Domino 5 and 6 available on the Lotus Developer Domain Web site at 
http://www-1Qlotus,CQm/tdd » 



Solving replication problems 



Use any of the following additional resources: 

■ Set the Notes.ini file setting (Log_Replication=1 , 2, 3 or 4), then view the 
Domino Log file (Log.nsf) for error messages and problems. 

■ Refer to the following topics in Lotus Domino Administrator 6 Help: 

■ Tools for troubleshooting replication 

■ Replication -- Problems and error messages 

■ Look up any error messages on the Lotus Support Services Web site at 
http://www-3.ibm.com/software/lotus/support/ . 

■ Search for technotes on the Lotus Support Services Web site with the 
following keywords: 

■ replication purge interval 

■ replication database ACL 

■ replication settings 

■ replication readers field 

■ replication history 

■ replication conflict 
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References for Lesson 7: Resolving Server 

Problems... (continued) 

Minimizing replication and save conflicts 



Use any of the following additional resources: 

■ For more information on document locking, refer to the following additional 
resources: 

■ How to enable document locking: Document Locking in Lotus Domino 
Designer 6 Help 

■ How users lock a document: Locking Documents in Lotus Notes 6 Help 

■ For more information on merging replication conflicts, refer to the Lotus Domino 
Designer 6 Help topic Forms Properties box - Form Info tab f Conflict Handling. 

Troubleshooting a server crash 



Refer to the following White Papers found on http://www-3.ibm.com/software/ 
lotus/support/ : 

■ Troubleshooting Notes/Domino Server Crashes 

■ Troubleshooting Notes/Domino Server Performance 

Also refer to the following Lotus Domino Administrator 6 Help topics: 

■ How to troubleshoot server crashes 

■ Server crashes - Problems and error messages 

■ Fault recovery 

Lookup any error messages on the Lotus Support Services Web site at 
wwwJotus.com/support/ . 

Refer to the LDD Today article titled, Notes from Support: Calling Support with a 
Domino server crash available on the Lotus Developer Domain Web site at 
http://www-1 0. lotus .co m/ lad . 
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References for Lesson 8: Resolving User 
Problems 

Resolving workspace and database problems 



Use the following additional resources: 

■ For specific details on other issues, refer to Lotus Domino Administrator 6 
Help. Begin by reviewing the following topics: 

■ Database performance - Troubleshooting 

■ Managing databases with the Files tab 

■ Monitoring database activity 

■ Determining the file format of a database 

■ Database maintenance 

■ Additionally, refer to the following in Lotus Notes 6 Help: 

■ Troubleshooting topics 

■ Documents resulting from searching for keywords: desktop, error, or cache 

■ Look up any error messages on the Lotus Support Services Web site at 
http://www-3Jbm.com/sQftware/lotus/support/ , 

Solving connection problems 



Use any of the following additional resources: 

■ View the Domino Server Log (Log.nsf) for error messages and problems. 

■ Refer to the following documents in Lotus Domino Administrator 6 Help: 

■ Modems and remote connections - Troubleshooting 

■ Network connections over NRPC - Troubleshooting 

■ Network dialup connections - Troubleshooting 

■ Look up any error messages on the Lotus Support Services Web Site at 
http://www-3jbm.com/software/lotus/support/ , 

■ If recent changes to a server include host name, IP address, or port names, 
it may be necessary to clear some system fields in the Server document. 
Refer to the following technotes on the Lotus Support Services Web site: 

■ How to Disable Server Cache of the Last Known Address 

m Where are Server Addresses Cached in Notes and Domino ? 
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